TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f8ceb94fe77a1dc48a250c94e80b5350ce5105d5^! / . / library
commitf8ceb94fe77a1dc48a250c94e80b5350ce5105d5[log] [tgz]
authorXiaokangQian <xiaokang.qian@arm.com>Fri Apr 15 11:43:27 2022 +0000
committerXiaokangQian <xiaokang.qian@arm.com>Wed Apr 20 07:45:50 2022 +0000
tree869b0350ef1427d4a9a1f9cf4a81c8351989d7f2
parent8f9dfe41c00f0c42827b61ad16e1a57bb6960aed [diff]
Fix the parse_sig_alg_ext fail issue

Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index fabc5d1..12b7223 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -115,8 +115,12 @@
         MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x",
                                     sig_alg ) );
 
-        if( ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ||
-            ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
+        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg )
+#if defined(MBEDTLS_SSL_CLI_C)
+            || ( ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+            && ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) )
+#endif /* MBEDTLS_SSL_CLI_C */
+          )
             continue;
 
         if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 9ebab81..5aed7ff 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -449,6 +449,12 @@
     p += 2;
 
     /*
+     * Only support TLS 1.3 currently, temporarily set the version.
+     */
+    ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+    ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
+
+    /*
      * Save client random
      */
     MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",