Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index c7aa3b5..98cfebd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -243,6 +243,35 @@
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig)
+#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF)
+#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8)
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \
+ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ),
+#elif defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ),
+#elif defined(MBEDTLS_RSA_C)
+#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ),
+#else
+#define MBEDTLS_SSL_SIG_ALG_SET( hash )
+#endif
+
+#define MBEDTLS_TLS_SIG_NONE MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, \
+ MBEDTLS_SSL_HASH_NONE )
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
/*
* Check that we obey the standard's message size bounds
*/
@@ -1916,7 +1945,7 @@
if( sig_alg == NULL )
return( 0 );
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
{
if( *sig_alg == own_sig_alg )
return( 1 );
@@ -1932,7 +1961,7 @@
if( sig_alg == NULL )
return( 0 );
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
{
if( *sig_alg == proposed_sig_alg )
return( 1 );
@@ -2114,26 +2143,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig)
-#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF)
-#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8)
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C)
-#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \
- MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ),
-#elif defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ),
-#elif defined(MBEDTLS_RSA_C)
-#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ),
-#else
-#define MBEDTLS_SSL_SIG_ALG_SET( hash )
-#endif
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index daddc5a..3299159 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -847,7 +847,7 @@
p++;
#endif
}
- *p = MBEDTLS_TLS1_3_SIG_NONE;
+ *p = MBEDTLS_TLS_SIG_NONE;
ssl->handshake->sig_algs_heap_allocated = 1;
}
else
@@ -4138,7 +4138,7 @@
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
- MBEDTLS_TLS1_3_SIG_NONE
+ MBEDTLS_TLS_SIG_NONE
};
/* NOTICE: see above */
@@ -4153,7 +4153,7 @@
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 )
#endif
- MBEDTLS_TLS1_3_SIG_NONE
+ MBEDTLS_TLS_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* NOTICE: see above */
@@ -4179,7 +4179,7 @@
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
- MBEDTLS_TLS1_3_SIG_NONE
+ MBEDTLS_TLS_SIG_NONE
};
/* NOTICE: see above */
@@ -4191,7 +4191,7 @@
#if defined(MBEDTLS_SHA384_C)
MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 )
#endif
- MBEDTLS_TLS1_3_SIG_NONE
+ MBEDTLS_TLS_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -4215,7 +4215,7 @@
size_t i, j;
int ret = 0;
- for( i = 0; sig_algs[i] != MBEDTLS_TLS1_3_SIG_NONE; i++ )
+ for( i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ )
{
for( j = 0; j < i; j++ )
{
@@ -4944,7 +4944,7 @@
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
- ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE;
+ ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE;
return( 0 );
}
@@ -7660,8 +7660,7 @@
unsigned int i;
uint16_t sig_alg = mbedtls_ssl_sig_from_pk_alg( pk_alg );
uint16_t *set = ssl->handshake->received_sig_algs;
- uint16_t invalid_sig_alg = MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON,
- MBEDTLS_SSL_HASH_NONE );
+ uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE;
if( sig_alg == MBEDTLS_SSL_SIG_ANON )
return( MBEDTLS_MD_NONE );
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 82b6e3a..6d07e26 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1632,7 +1632,7 @@
uint16_t *set = ssl->handshake->received_sig_algs;
const uint16_t sig_algs[] = {
MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 )
- MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, MBEDTLS_SSL_HASH_NONE )
+ MBEDTLS_TLS_SIG_NONE
};
size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] );
@@ -2647,7 +2647,7 @@
if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
{
unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );