commit f8aa9a44aa37dd493fc5ac3736e8fcc4c48bc718
author Jerry Yu <jerry.h.yu@arm.com> Wed Mar 23 20:40:28 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Wed Mar 23 20:54:38 2022 +0800
tree fa88195651bdc48d3ddf3dc2fd0fb6d6c1b4fd4e
parent 8c3388620d05f0903b1d7a1f60581ea0359a3e2f

fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/pk_wrap.h

diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 7375da1..1b490cc 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -142,7 +142,7 @@
 int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
 #endif
 
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 int mbedtls_pk_error_from_psa( psa_status_t status );

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e7dbe69..92bb63f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1956,11 +1956,11 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg)
+    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
 {
     *pk_type = MBEDTLS_PK_NONE;
     *md_alg = MBEDTLS_MD_NONE;
-    ((void) sig_alg);
+
     switch( sig_alg )
     {
 #if defined(MBEDTLS_SHA256_C) && \
@@ -2057,9 +2057,9 @@
           MBEDTLS_RSA_C */
 
             default:
-                return( 0 );
+                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
         }
-        return( 1 );
+        return( 0 );
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
@@ -2136,7 +2136,7 @@
     {
         mbedtls_pk_type_t pk_type;
         mbedtls_md_type_t md_alg;
-        return( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+        return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
                                                 sig_alg, &pk_type, &md_alg ) );
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 5aa8587..25004fd 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -335,14 +335,9 @@
         goto error;
     }
 
-    /* We currently only support ECDSA-based signatures */
     if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-                                        algorithm, &sig_alg, &md_alg ) == 0 )
+                                        algorithm, &sig_alg, &md_alg ) != 0 )
     {
-        /* algorithm not in offered signature algorithms list */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Get pk type and md algorithm from "
-                                    "signature algorithm(%04x) fail.",
-                                    ( unsigned int ) algorithm ) );
         goto error;
     }
 
@@ -1137,17 +1132,9 @@
     ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm,
                                                                  &pk_type,
                                                                  &md_alg );
-    if( ret == 0 )
+    if( ret != 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "signature algorithm is not supported." ) );
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
-                                    mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
-
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR  );
 
     }