Add received_sig_algs member to struct mbedtls_ssl_handshake_params
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 093732e..049195e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -268,7 +268,7 @@
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#define MBEDTLS_SIG_ALGS_SIZE 20
+#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
#endif
/*
@@ -600,6 +600,10 @@
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
+#endif
+
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
const uint16_t *group_list;
const uint16_t *sig_algs;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2f4d04e..86699d9 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -155,26 +155,25 @@
const unsigned char *end )
{
const unsigned char *p = buf;
- size_t sig_algs_len = 0;
- uint16_t *sig_algs;
- const unsigned char *sig_algs_end;
+ size_t supported_sig_algs_len = 0;
+ const unsigned char *supported_sig_algs_end;
uint16_t sig_alg;
uint32_t common_idx = 0; /* iterate through received signature schemes list */
/* skip 2 bytes of signature algorithms length */
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
- sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- sig_algs = mbedtls_calloc( MBEDTLS_SIG_ALGS_SIZE, sizeof( uint16_t ) );
- if( sig_algs == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ memset( ssl->handshake->received_sig_algs, 0,
+ sizeof( ssl->handshake->received_sig_algs) );
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, sig_algs_len );
- sig_algs_end = p + sig_algs_len;
- while( p < sig_algs_end && common_idx + 1 < MBEDTLS_SIG_ALGS_SIZE )
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len );
+ supported_sig_algs_end = p + supported_sig_algs_len;
+ while( p < supported_sig_algs_end &&
+ common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
{
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p, sig_algs_end, 2 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 );
sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
@@ -184,7 +183,7 @@
if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) &&
mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
{
- sig_algs[common_idx] = sig_alg;
+ ssl->handshake->received_sig_algs[common_idx] = sig_alg;
common_idx += 1;
}
}
@@ -195,7 +194,6 @@
( "Signature algorithms extension length misaligned" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
- mbedtls_free( sig_algs );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
@@ -204,13 +202,10 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- mbedtls_free( sig_algs );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
- sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE;
- ssl->handshake->sig_algs = sig_algs;
- ssl->handshake->sig_algs_heap_allocated = 1;
+ ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE;
return( 0 );
}