Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 9b98023..62988f2 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1972,7 +1972,6 @@
{
switch( info->key_exchange )
{
- case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return( MBEDTLS_PK_RSA );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aa4aa08..0abf2b9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7713,13 +7713,10 @@
continue;
if( sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
- ! ( mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
- PSA_ALG_RSA_PKCS1V15_CRYPT,
- PSA_KEY_USAGE_DECRYPT ) ||
- mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
- PSA_ALG_RSA_PKCS1V15_SIGN(
- psa_hash_alg ),
- PSA_KEY_USAGE_SIGN_HASH ) ) )
+ ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
+ PSA_ALG_RSA_PKCS1V15_SIGN(
+ psa_hash_alg ),
+ PSA_KEY_USAGE_SIGN_HASH ) )
continue;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
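Review bot: The narrowed RSA condition carries no comment saying why signing capability is now the only thing that counts, so a later edit could reintroduce the decrypt alternative this commit removes. A line above the `if`, such as `/* Only a key permitted to sign can back this signature algorithm; a decrypt-only RSA key serves the static-RSA key exchange, which signs nothing. */`, would record the key-usage separation. The enclosing block starts outside the hunk, so I could not confirm that `ssl->handshake->key_cert` is checked for NULL before `->key` is read. A regression test using an opaque RSA key whose policy permits only `PSA_KEY_USAGE_DECRYPT` would pin the new behaviour; none is visible on this page.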