WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TLS 1.2: check signature algo in ServerKeyExchange

pull/4562/head
Sean Parkinson 2021-11-11 10:55:44 +10:00
parent 607a3bfaa7
commit b5fd899113
1 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/internal.c
View File

@ -24446,6 +24446,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#else #else
enum wc_HashType hashType; enum wc_HashType hashType;
word16 verifySz; word16 verifySz;
byte sigAlgo;
if (ssl->options.usingAnon_cipher) { if (ssl->options.usingAnon_cipher) {
break; break;
@ -24463,7 +24464,33 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
} }
DecodeSigAlg(&input[args->idx], &args->hashAlgo, DecodeSigAlg(&input[args->idx], &args->hashAlgo,
&args->sigAlgo); &sigAlgo);
#ifndef NO_RSA
if (sigAlgo == rsa_pss_sa_algo &&
args->sigAlgo == rsa_sa_algo) {
args->sigAlgo = sigAlgo;
}
else
#endif
#ifdef HAVE_ED25519
if (sigAlgo == ed25519_sa_algo &&
args->sigAlgo == ecc_dsa_sa_algo) {
args->sigAlgo = sigAlgo;
}
else
#endif
#ifdef HAVE_ED448
if (sigAlgo == ed448_sa_algo &&
args->sigAlgo == ecc_dsa_sa_algo) {
args->sigAlgo = sigAlgo;
}
else
#endif
/* Signature algorithm from message must match signature
* algorithm in cipher suite. */
if (sigAlgo != args->sigAlgo) {
ERROR_OUT(ALGO_ID_E, exit_dske);
}
args->idx += 2; args->idx += 2;
hashType = HashAlgoToType(args->hashAlgo); hashType = HashAlgoToType(args->hashAlgo);
if (hashType == WC_HASH_TYPE_NONE) { if (hashType == WC_HASH_TYPE_NONE) {