Remove the certificate key check against the received signature

Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 08:37:53 +00:00 · 2022-06-08 08:37:53 +00:00 · 96287d98d8
commit 96287d98d8
parent 9850fa8e8d
2 changed files with 0 additions and 30 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -336,27 +336,6 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
 }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
- */
-static int ssl_tls13_check_key_sigs( mbedtls_pk_context *pk,
-                                     uint16_t *sig_alg )
-{
-    mbedtls_pk_type_t pk_type;
-    mbedtls_md_type_t md_alg;
-
-    while( *sig_alg != MBEDTLS_TLS1_3_SIG_NONE )
-    {
-        mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-                    *sig_alg, &pk_type, &md_alg );
-        if( pk_type == mbedtls_pk_get_type(pk) )
-            return( 0 );
-        sig_alg++;
-    }
-
-    return( -1 );
-}
-
 /*
 * Try picking a certificate for this ciphersuite,
 * return 0 on success and -1 on failure.
@ -394,14 +373,6 @@ static int ssl_tls13_pick_cert( mbedtls_ssl_context *ssl )
            continue;
        }

-        if( ssl_tls13_check_key_sigs( &cur->cert->pk,
-                                      ssl->handshake->received_sig_algs ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG(
-                        3, ( "certificate key mismatch: received_sig_algs" ) );
-            continue;
-        }
-
        break;
    }