yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-25 17:36:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't use mbedtls_ssL_set_calc_verify_md writing CertificateRequest

Browse source 
mbedtls_ssl_set_calc_verify_md() serves two purposes:
(a) It checks whether a hash algorithm is suitable to be used
    in the CertificateVerify message.
(b) It updates the function callback pointing to the function that
    computes handshake transcript for the CertificateVerify message
    w.r.t. the chosen hash function.

Step (b) is only necessary when receiving the CertificateVerify
message, while writing the CertificateRequest only involves (a).

This commit modifies the writing code for the CertificateRequest
message to inline the check (a) and thereby avoiding the call to
mbedtls_ssl_calc_verify_md().
This commit is contained in:
Hanno Becker 2019-06-24 11:36:30 +01:00
parent 627fbee41a
commit 0af717b520
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
library/ssl_srv.c
View file

@ -3082,9 +3082,17 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
{ {
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
if( !( 0
if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) #if defined(MBEDTLS_SHA512_C)
|| hash == MBEDTLS_SSL_HASH_SHA384
#endif
#if defined(MBEDTLS_SHA256_C)
|| hash == MBEDTLS_SSL_HASH_SHA256
#endif
) )
{
continue; continue;
}
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash; p[2 + sa_len++] = hash;