feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for possible seg fault with anonymous cipher mode enabled. Do not perform signature/verify when using anon_cipher.

Browse Source
This commit is contained in:
David Garske
2016-07-14 15:58:35 -07:00
parent 9a9a98ac82
commit aa9b1e964c
1 changed files with 153 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@ -16593,6 +16593,7 @@ int DoSessionTicket(WOLFSSL* ssl,
} }
#endif #endif
if (!ssl->options.usingAnon_cipher) {
/* Determine hash type */ /* Determine hash type */
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->suites->hashAlgo;
@ -16739,6 +16740,7 @@ int DoSessionTicket(WOLFSSL* ssl,
} }
#endif /* NO_RSA */ #endif /* NO_RSA */
} /* switch (ssl->suites->sigAlgo) */ } /* switch (ssl->suites->sigAlgo) */
} /* !ssl->options.usingAnon_cipher */
break; break;
} }
@ -16821,6 +16823,7 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifndef NO_RSA #ifndef NO_RSA
case rsa_sa_algo: case rsa_sa_algo:
{ {
if (!ssl->options.usingAnon_cipher) {
/* check for signature faults */ /* check for signature faults */
ret = VerifyRsaSign(ssl, ret = VerifyRsaSign(ssl,
output + idx, output + idx,
@ -16828,6 +16831,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->buffers.sig.buffer, ssl->buffers.sig.buffer,
ssl->buffers.sig.length, ssl->buffers.sig.length,
(RsaKey*)ssl->sigKey); (RsaKey*)ssl->sigKey);
}
break; break;
} }
#endif #endif