Merge pull request #1201 from moisesguimaraes/fix-tlsx-sig-algo

adds check for server side sig-algo extension
2017-10-31 11:40:30 -07:00
parent 2037a6c9ea 5cf175c49b
commit 68371c8e66
1 changed files with 8 additions and 4 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -4835,11 +4835,12 @@ static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
 * returns 0 on success, otherwise failure.
 */
 static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
-                                          word16 length, Suites* suites)
+                                  word16 length, byte isRequest, Suites* suites)
 {
    word16 len;

-    (void)ssl;
+    if (!isRequest)
+        return BUFFER_ERROR;

    /* Must contain a length and at least algorithm. */
    if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
@ -8243,6 +8244,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
    word16 offset = 0;
    byte isRequest = (msgType == client_hello ||
                      msgType == certificate_request);
+
 #ifdef HAVE_EXTENDED_MASTER
    byte pendingEMS = 0;
 #endif
@ -8420,12 +8422,14 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
                if (!IsAtLeastTLSv1_2(ssl))
                    break;

+#ifdef WOLFSSL_TLS13
                if (IsAtLeastTLSv1_3(ssl->version) &&
                        msgType != client_hello &&
                        msgType != certificate_request) {
                    return EXT_NOT_ALLOWED;
                }
-                ret = SA_PARSE(ssl, input + offset, size, suites);
+#endif
+                ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
                break;

 #ifdef WOLFSSL_TLS13