From 0af717b52045b62c5ad7ec2faae17e07990810e4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 24 Jun 2019 11:36:30 +0100
Subject: [PATCH] Don't use mbedtls_ssL_set_calc_verify_md writing CertificateRequest
mbedtls_ssl_set_calc_verify_md() serves two purposes: (a) It checks whether a hash algorithm is suitable to be used in the CertificateVerify message. (b) It updates the function callback pointing to the function that computes handshake transcript for the CertificateVerify message w.r.t. the chosen hash function. Step (b) is only necessary when receiving the CertificateVerify message, while writing the CertificateRequest only involves (a). This commit modifies the writing code for the CertificateRequest message to inline the check (a) and thereby avoiding the call to mbedtls_ssl_calc_verify_md().
---
library/ssl_srv.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3744cf6bc..f7ab70c47 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3082,9 +3082,17 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
{
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
-
- if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+ if( !( 0
#if defined(MBEDTLS_SHA512_C)
|| hash == MBEDTLS_SSL_HASH_SHA384
#endif
#if defined(MBEDTLS_SHA256_C)
|| hash == MBEDTLS_SSL_HASH_SHA256
#endif
) )
+ {
continue;
+ }
#if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash;