From 47d04ebaff8e9f5b881bd5a9cfd345b56b11a011 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 23 May 2017 08:54:25 +1000 Subject: [PATCH] Fix from review. --- src/tls.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/tls.c b/src/tls.c index 6efa08d09..7fc92fdc6 100755 --- a/src/tls.c +++ b/src/tls.c @@ -4432,16 +4432,31 @@ static word16 TLSX_SignatureAlgorithms_GetSize(void* data) return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz; } -static void TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input, - word16 length) +/* Creates a bit string of supported hash algorithms with RSA PSS. + * The bit string is used when determining which signature algorithm to use + * when creating the CertificateVerify message. + * Note: Valid data has an even length as each signature algorithm is two bytes. + * + * ssl The SSL/TLS object. + * input The buffer with the list of supported signature algorithms. + * length The length of the list in bytes. + * returns 0 on success, BUFFER_ERROR when the length is not even. + */ +static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input, + word16 length) { word16 i; + if ((length & 1) == 1) + return BUFFER_ERROR; + ssl->pssAlgo = 0; for (i = 0; i < length; i += 2) { if (input[i] == rsa_pss_sa_algo && input[i + 1] <= sha512_mac) ssl->pssAlgo |= 1 << input[i + 1]; } + + return 0; } /* Writes the SignatureAlgorithms extension into the buffer. @@ -4489,12 +4504,10 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input, if (length != OPAQUE16_LEN + len) return BUFFER_ERROR; - TLSX_SignatureAlgorithms_MapPss(ssl, input, len); - XMEMCPY(suites->hashSigAlgo, input, len); suites->hashSigAlgoSz = len; - return 0; + return TLSX_SignatureAlgorithms_MapPss(ssl, input, len); } /* Sets a new SupportedVersions extension into the extension list.