From 2810656242f18b813c1fbea117f68ac19193381f Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Tue, 19 Aug 2025 16:27:19 +1000
Subject: [PATCH] TLS 1.3: CertificateVerify - check sig alg was sent

Check that the signature algorithm used in the CertificateVerify message was one that was sent in the SignatureAlgorithm extension.
---
 src/tls13.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index 6483a2c77..80eec71eb 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -10118,12 +10118,26 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 case TLS_ASYNC_BUILD:
 {
 int validSigAlgo;
+ const Suites* suites = WOLFSSL_SUITES(ssl);
+ word16 i;
 /* Signature algorithm. */
 if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > totalSz) {
 ERROR_OUT(BUFFER_ERROR, exit_dcv);
 }
+ validSigAlgo = 0;
+ for (i = 0; i < suites->hashSigAlgoSz; i += 2) {
+ if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) && (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) {
+ validSigAlgo = 1;
+ break;
+ }
+ }
+ if (!validSigAlgo) {
+ ERROR_OUT(INVALID_PARAMETER, exit_dcv);
+ }
+
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 if (ssl->peerSigSpec == NULL) {
 /* The peer did not respond. We didn't send CKS or they don't
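Review bot: The pair walk `for (i = 0; i < suites->hashSigAlgoSz; i += 2)` still reads `hashSigAlgo[i + 1]` on its final iteration when `hashSigAlgoSz` is odd, so an inconsistent list would compare one byte beyond the populated entries; bounding it with `for (i = 0; i + 1 < suites->hashSigAlgoSz; i += 2)` costs nothing and makes the two-byte pairing explicit. The hunk does not say why a mismatch is rejected, which matters because this is a protocol requirement rather than a local preference; a comment such as `/* RFC 8446 4.4.3: the CertificateVerify algorithm MUST be one we offered in signature_algorithms. */` above `validSigAlgo = 0;` would tell the next reader why the result is INVALID_PARAMETER. If `WOLFSSL_SUITES(ssl)` can evaluate to NULL on this path (I cannot tell from the hunk), the dereference in the loop condition needs a guard before the loop. DoTls13CertificateVerify begins and ends outside the hunk.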