From 0e33e2d9ee6a0489f168e5bd3a7e2d8cef1c8636 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Tue, 2 Jul 2019 11:53:04 +1000
Subject: [PATCH] Check PickHashSigAlgo return when doing CerticateRequest

Only check picking the hash and signature algorithm functions return when a certificate is available to send to peer. Include the ECC signature and hash algorithms in available list even when using ECDSA certificates signed with RSA. List is of capabilities not what is in certificate. Certificate request sent to peer doesn't have to be an ECDSA certificate signed with RSA. Same treatment for RSA.
---
 src/internal.c | 17 +++++++++++++++--
 src/tls13.c | 18 +++++++++++++-----
 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 64dcc5b53..838a2cf12 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2859,7 +2859,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 suites->suiteSz = idx;
- InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0, tls1_2, keySz);
+ InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, haveRSAsig | haveRSA,
+ 0, tls1_2, keySz);
 }
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
@@ -18081,7 +18082,19 @@ exit_dpk:
 if ((*inOutIdx - begin) + len > size) return BUFFER_ERROR;
- (void)PickHashSigAlgo(ssl, input + *inOutIdx, len);
+ if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
+ ssl->buffers.certificate &&
+ ssl->buffers.certificate->buffer) {
+ #ifdef HAVE_PK_CALLBACKS
+ if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
+ WOLFSSL_MSG("Using PK for client private key");
+ return INVALID_PARAMETER;
+ }
+ #endif
+ if (ssl->buffers.key && ssl->buffers.key->buffer) {
+ return INVALID_PARAMETER;
+ }
+ }
 *inOutIdx += len;
 #ifdef WC_RSA_PSS
 ssl->pssAlgo = 0;
diff --git a/src/tls13.c b/src/tls13.c
index a6a8abf66..ae11c1ab1 100644
--- a/src/tls13.c
+++ b/src/tls13.c
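Review bot: In src/internal.c, the widened call `InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, haveRSAsig | haveRSA, ...)` at the end of InitSuites has no comment, so the reason for advertising algorithms beyond the loaded certificate's signature type lives only in the commit message. A later reader comparing the arguments with the certificate could take the extra entries for a mistake and narrow the list again. I would add above the call `/* The list states capabilities, not what the loaded certificate is signed with. */`. InitSuites starts outside the hunk, so how haveECC and haveRSA are derived is not visible here.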
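Review bot: In the second src/internal.c hunk (after `exit_dpk:`), both failure branches return `INVALID_PARAMETER` and discard whatever PickHashSigAlgo returned. The only log line on the path, `WOLFSSL_MSG("Using PK for client private key")`, does not say that no common hash/signature algorithm was found, and the key-buffer branch logs nothing at all. A handshake rejected here will therefore look like a bad argument. I would log the cause once before either return, e.g. `WOLFSSL_MSG("No hash/signature algorithm in CertificateRequest matches client key");`, and return PickHashSigAlgo's own code if no caller depends on INVALID_PARAMETER. The enclosing function begins and ends outside the hunk.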
@@ -3233,7 +3233,11 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 *inOutIdx += OPAQUE16_LEN;
 if ((*inOutIdx - begin) + len > size) return BUFFER_ERROR;
- (void)PickHashSigAlgo(ssl, input + *inOutIdx, len);
+ if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
+ ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
+ ssl->buffers.key && ssl->buffers.key->buffer) {
+ return INVALID_PARAMETER;
+ }
 *inOutIdx += len; /* Length of certificate authority data. */
@@ -3287,14 +3291,18 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 return ret;
 }
 *inOutIdx += len;
-
- (void)PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
- peerSuites.hashSigAlgoSz);
 #endif
 if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
- ssl->buffers.key && ssl->buffers.key->buffer)
+ ssl->buffers.key && ssl->buffers.key->buffer) {
+#ifndef WOLFSSL_TLS13_DRAFT_18
+ if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
+ peerSuites.hashSigAlgoSz) != 0) {
+ return INVALID_PARAMETER;
+ }
+#endif
 ssl->options.sendVerify = SEND_CERT;
+ }
 else ssl->options.sendVerify = SEND_BLANK_CERT;
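Review bot: The new condition in the first src/tls13.c hunk rejects a failed PickHashSigAlgo only when `ssl->buffers.key->buffer` is set, whereas the matching check added to src/internal.c also rejects under `HAVE_PK_CALLBACKS` when `wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)` is true. The second hunk guards its call with the same key-buffer test, so the two protocol paths now treat a callback-held private key differently. Judging from the visible `else` branch, such a TLS 1.3 client answers with `SEND_BLANK_CERT`, so this may be harmless today, but nothing in the code says so. Either mirror the internal.c branch with `if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) return INVALID_PARAMETER;` inside `#ifdef HAVE_PK_CALLBACKS`, or add a comment stating that callback-held keys are not used for TLS 1.3 client authentication here. DoTls13CertificateRequest continues outside the hunk.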
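Review bot: The added `return INVALID_PARAMETER;` in the second src/tls13.c hunk aborts the handshake when a certificate and key are loaded but no algorithm matches, although the `else` branch just below can already answer with `SEND_BLANK_CERT`. Nothing at the decision point says why the stricter outcome was chosen, and the path emits no log message. If aborting is intended, I would state it there, e.g. `/* No common signature algorithm for our key: fail rather than send an empty Certificate. */`, and add a `WOLFSSL_MSG` so the failure can be diagnosed from debug output.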