feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1201 from moisesguimaraes/fix-tlsx-sig-algo

Browse Source 
adds check for server side sig-algo extension
This commit is contained in:
toddouska
2017-10-31 11:40:30 -07:00
committed by GitHub
parent 2037a6c9ea 5cf175c49b
commit 68371c8e66
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/tls.c
View File

@ -4791,7 +4791,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
* returns 0 on success, BUFFER_ERROR when the length is not even. * returns 0 on success, BUFFER_ERROR when the length is not even.
*/ */
static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input, static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input,
word16 length) word16 length)
{ {
word16 i; word16 i;
@ -4835,11 +4835,12 @@ static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
* returns 0 on success, otherwise failure. * returns 0 on success, otherwise failure.
*/ */
static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input, static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
word16 length, Suites* suites) word16 length, byte isRequest, Suites* suites)
{ {
word16 len; word16 len;
(void)ssl; if (!isRequest)
return BUFFER_ERROR;
/* Must contain a length and at least algorithm. */ /* Must contain a length and at least algorithm. */
if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0) if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
@ -8243,6 +8244,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
word16 offset = 0; word16 offset = 0;
byte isRequest = (msgType == client_hello || byte isRequest = (msgType == client_hello ||
msgType == certificate_request); msgType == certificate_request);
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
byte pendingEMS = 0; byte pendingEMS = 0;
#endif #endif
@ -8420,12 +8422,14 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
if (!IsAtLeastTLSv1_2(ssl)) if (!IsAtLeastTLSv1_2(ssl))
break; break;
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version) && if (IsAtLeastTLSv1_3(ssl->version) &&
msgType != client_hello && msgType != client_hello &&
msgType != certificate_request) { msgType != certificate_request) {
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
} }
ret = SA_PARSE(ssl, input + offset, size, suites); #endif
ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
break; break;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13