commit 4d2329fd8acfaf7fdf4bc5446ace48cc1abba731
author XiaokangQian <xiaokang.qian@arm.com> Wed Nov 24 02:27:38 2021 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Thu Nov 25 02:21:16 2021 +0000
tree 83cc2c08662f2aec38b5615a3ee10c49a0b5cf08
parent 7285067a8cdd884099468a62ceaa3b0d767ff24b

Change code based on reviews

Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d5a67a9..f9ad5da 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -381,11 +381,6 @@
             sig_alg = MBEDTLS_PK_RSASSA_PSS;
             break;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-        case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256:
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PKCS1 V1.5" ) );
-            md_alg = MBEDTLS_MD_SHA256;
-            sig_alg = MBEDTLS_PK_RSA;
-            break;
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
             goto error;

programs/ssl/ssl_client2.c

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 204b975..214f471 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1538,6 +1538,10 @@
             {
                 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
             }
+            else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+            {
+                sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256;
+            }
             else
             {
                 mbedtls_printf( "unknown signature algorithm %s\n", q );
@@ -1546,6 +1550,7 @@
                 mbedtls_printf( "ecdsa_secp384r1_sha384 " );
                 mbedtls_printf( "ecdsa_secp521r1_sha512 " );
                 mbedtls_printf( "rsa_pss_rsae_sha256 " );
+                mbedtls_printf( "rsa_pkcs1_sha256 " );
                 mbedtls_printf( "\n" );
                 goto exit;
             }

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8e22a91..dc29d0b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8916,12 +8916,7 @@
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
             "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
             0 \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -s "Ephemeral EC Diffie-Hellman parameters" \
-            -s "Version: TLS1.3" \
-            -s "Cipher: AES-128-GCM" \
-            -S "Client Signature:" \
-            -s "Server Signature: RSA-PSS-RSAE-SHA256" \
             -c "ECDH curve: x25519"         \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "Certificate Verify: Signature algorithm ( 0804 )" \