refactor get sig algo from pk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index ffbbbcf..0ebad93 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -352,7 +352,6 @@
{
mbedtls_ssl_key_cert *key_cert, *key_cert_list;
const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
- uint16_t key_sig_alg;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_key_cert != NULL )
@@ -372,7 +371,6 @@
for( key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next )
{
- int ret;
MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
key_cert->cert );
@@ -391,11 +389,9 @@
continue;
}
- ret = mbedtls_ssl_tls13_get_sig_alg_from_pk(
- ssl, &key_cert->cert->pk, &key_sig_alg );
- if( ret != 0 )
- continue;
- if( *sig_alg == key_sig_alg )
+ MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));
+ if( mbedtls_ssl_tls13_sig_alg_is_available_for_pk(
+ ssl, *sig_alg, &key_cert->cert->pk ) )
{
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_CRT(
@@ -406,6 +402,7 @@
}
}
+ MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found"));
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&