check hashsigalgo matches ssl suites on client side.

2024-07-03 11:59:18 -05:00 · 2024-07-03 11:59:18 -05:00 · f7f3ba9c76
parent 7dfef18cf4
commit f7f3ba9c76
1 changed files with 9 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -31104,6 +31104,15 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                            ERROR_OUT(BUFFER_ERROR, exit_dske);
                        }

+                        /* Check if hashSigAlgo in Server Key Exchange is supported
+                         * in our ssl->suites or ssl->ctx->suites. */
+                        if (!SupportedHashSigAlgo(ssl, &input[args->idx])) {
+                        #ifdef WOLFSSL_EXTRA_ALERTS
+                            SendAlert(ssl, alert_fatal, handshake_failure);
+                        #endif
+                            ERROR_OUT(MATCH_SUITE_ERROR, exit_dske);
+                        }
+
                        DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
                                     &sigAlgo);
                    #ifndef NO_RSA