Introduce helper functions to traverse signature hashes
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b0c0403..ee50b4d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -173,7 +173,6 @@
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t sig_alg_len = 0;
- const int *md;
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
@@ -188,15 +187,15 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
+ ((void) hash);
#if defined(MBEDTLS_ECDSA_C)
- sig_alg_len += 2;
+ sig_alg_len += 2;
#endif
#if defined(MBEDTLS_RSA_C)
- sig_alg_len += 2;
+ sig_alg_len += 2;
#endif
- }
+ MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
{
@@ -209,17 +208,16 @@
*/
sig_alg_len = 0;
- for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
- {
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
#if defined(MBEDTLS_ECDSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
- sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = hash;
+ sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_RSA_C)
- sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
- sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
+ sig_alg_list[sig_alg_len++] = hash;
+ sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
- }
+ MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
/*
* enum {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f7ab70c..e69c517 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3074,26 +3074,19 @@
*/
if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- const int *cur;
-
/*
* Supported signature algorithms
*/
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- {
- unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
- if( !( 0
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
+ if( 0
#if defined(MBEDTLS_SHA512_C)
- || hash == MBEDTLS_SSL_HASH_SHA384
+ || hash == MBEDTLS_SSL_HASH_SHA384
#endif
#if defined(MBEDTLS_SHA256_C)
- || hash == MBEDTLS_SSL_HASH_SHA256
+ || hash == MBEDTLS_SSL_HASH_SHA256
#endif
- ) )
- {
- continue;
- }
-
+ )
+ {
#if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash;
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
@@ -3103,6 +3096,7 @@
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
}
+ MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
p[0] = (unsigned char)( sa_len >> 8 );
p[1] = (unsigned char)( sa_len );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae6c282..9359be6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11308,14 +11308,13 @@
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md )
{
- const int *cur;
-
if( ssl->conf->sig_hashes == NULL )
return( -1 );
- for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
- if( *cur == (int) md )
- return( 0 );
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( md_alg )
+ if( md_alg == md )
+ return( 0 );
+ MBEDTLS_SSL_END_FOR_EACH_SIG_HASH
return( -1 );
}