Check PickHashSigAlgo return when doing CerticateRequest

Only check picking the hash and signature algorithm functions return when a certificate is available to send to peer. Include the ECC signature and hash algorithms in available list even when using ECDSA certificates signed with RSA. List is of capabilities not what is in certificate. Certificate request sent to peer doesn't have to be an ECDSA certificate signed with RSA. Same treatment for RSA.
2019-07-02 11:53:04 +10:00 · 2019-07-02 11:53:04 +10:00 · 0e33e2d9ee
commit 0e33e2d9ee
parent 8312ceb14c
2 changed files with 28 additions and 7 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -2859,7 +2859,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,

    suites->suiteSz = idx;

-    InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0, tls1_2, keySz);
+    InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, haveRSAsig | haveRSA,
+                                                              0, tls1_2, keySz);
 }

 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
@ -18081,7 +18082,19 @@ exit_dpk:
            if ((*inOutIdx - begin) + len > size)
                return BUFFER_ERROR;

-            (void)PickHashSigAlgo(ssl, input + *inOutIdx, len);
+            if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
+                                             ssl->buffers.certificate &&
+                                             ssl->buffers.certificate->buffer) {
+            #ifdef HAVE_PK_CALLBACKS
+                if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
+                    WOLFSSL_MSG("Using PK for client private key");
+                    return INVALID_PARAMETER;
+                }
+            #endif
+                if (ssl->buffers.key && ssl->buffers.key->buffer) {
+                    return INVALID_PARAMETER;
+                }
+            }
            *inOutIdx += len;
    #ifdef WC_RSA_PSS
            ssl->pssAlgo = 0;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3233,7 +3233,11 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
    *inOutIdx += OPAQUE16_LEN;
    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;
-    (void)PickHashSigAlgo(ssl, input + *inOutIdx, len);
+    if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
+                 ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
+                 ssl->buffers.key && ssl->buffers.key->buffer) {
+        return INVALID_PARAMETER;
+    }
    *inOutIdx += len;

    /* Length of certificate authority data. */
@ -3287,14 +3291,18 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
        return ret;
    }
    *inOutIdx += len;
-
-    (void)PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
-                                                      peerSuites.hashSigAlgoSz);
 #endif

    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
-        ssl->buffers.key && ssl->buffers.key->buffer)
+        ssl->buffers.key && ssl->buffers.key->buffer) {
+#ifndef WOLFSSL_TLS13_DRAFT_18
+        if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
+                                               peerSuites.hashSigAlgoSz) != 0) {
+            return INVALID_PARAMETER;
+        }
+#endif
        ssl->options.sendVerify = SEND_CERT;
+    }
    else
        ssl->options.sendVerify = SEND_BLANK_CERT;