Refactor get_sig_alg_from pk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 51fd982..cc7a0ac 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -982,15 +982,16 @@
/*
* STATE HANDLING: Output Certificate Verify
*/
-static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
- mbedtls_pk_context *own_key,
- mbedtls_pk_type_t *pk_type,
- mbedtls_md_type_t *md_alg)
+static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
+ mbedtls_pk_context *own_key,
+ uint16_t *algorithm,
+ mbedtls_pk_type_t *pk_type,
+ mbedtls_md_type_t *md_alg)
{
mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key );
/* Determine the size of the key */
size_t own_key_size = mbedtls_pk_get_bitlen( own_key );
- uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
+ *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
((void) own_key_size);
switch( sig )
@@ -1000,20 +1001,20 @@
switch( own_key_size )
{
case 256:
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_ECDSA;
- break;
+ return( 0 );
case 384:
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_ECDSA;
- break;
+ return( 0 );
case 521:
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
*md_alg = MBEDTLS_MD_SHA512;
*pk_type = MBEDTLS_PK_ECDSA;
- break;
+ return( 0 );
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
( "unknown key size: %"
@@ -1030,25 +1031,28 @@
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
{
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
+ return( 0 );
}
else if( own_key_size <= 3072 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
{
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
+ return( 0 );
}
else if( own_key_size <= 4096 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
{
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
*md_alg = MBEDTLS_MD_SHA512;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
+ return( 0 );
}
break;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
@@ -1057,7 +1061,7 @@
( "unkown signature type : %u", sig ) );
break;
}
- return( algorithm );
+ return( -1 );
}
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
@@ -1112,10 +1116,9 @@
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
- algorithm = ssl_tls13_get_sig_alg_from_pk( ssl, own_key,
- &pk_type, &md_alg );
- if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
- ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+ ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm,
+ &pk_type, &md_alg );
+ if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );