feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

check hashsigalgo matches ssl suites on client side.

Browse Source
This commit is contained in:
jordan
2024-07-03 11:59:18 -05:00
parent 7dfef18cf4
commit f7f3ba9c76
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@ -31104,6 +31104,15 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
ERROR_OUT(BUFFER_ERROR, exit_dske); ERROR_OUT(BUFFER_ERROR, exit_dske);
} }
/* Check if hashSigAlgo in Server Key Exchange is supported
* in our ssl->suites or ssl->ctx->suites. */
if (!SupportedHashSigAlgo(ssl, &input[args->idx])) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, handshake_failure);
#endif
ERROR_OUT(MATCH_SUITE_ERROR, exit_dske);
}
DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo, DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
&sigAlgo); &sigAlgo);
#ifndef NO_RSA #ifndef NO_RSA