
Commit f54ca0d

committed
TLS 1.2 CertificateVerify: req sig alg to have been in CR
The signature algorithm specified in CertificateVerify must have been in the CertificateRequest. Add check. The cipher suite test cases, when client auth and RSA are built-in and use the default client certificate and use the *-ECDSA-* cipher suites, no longer work. The client certificate must be ECC when the cipher suite has ECDSA. Don't run them for that build.
1 parent 58bd6a8 commit f54ca0d

5 files changed

Lines changed: 420 additions & 30 deletions


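--- a/src/internal.c
+++ b/src/internal.c
@@ -37338,11 +37338,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 XMEMCPY(outSuites->suites, &suites, sizeof(suites));
 #ifdef WOLFSSL_DEBUG_TLS
 {
-int ii;
+word16 ii;
 WOLFSSL_MSG("Refined Ciphers:");
-for (ii = 0 ; ii < suites->suiteSz; ii += 2) {
-WOLFSSL_MSG(GetCipherNameInternal(suites->suites[ii+0],
-suites->suites[ii+1]));
+for (ii = 0 ; ii < outSuites->suiteSz; ii += 2) {
+WOLFSSL_MSG(GetCipherNameInternal(outSuites->suites[ii+0],
+outSuites->suites[ii+1]));
 }
 }
 #endif
@@ -38568,10 +38568,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 case TLS_ASYNC_BUILD:
 {
 if (IsAtLeastTLSv1_2(ssl)) {
-if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > size) {
+if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN >
+size) {
 ERROR_OUT(BUFFER_ERROR, exit_dcv);
 }
 
+/* Check if hashSigAlgo in CertificateVerify is supported
+* in our ssl->suites or ssl->ctx->suites. */
+if (!SupportedHashSigAlgo(ssl, &input[args->idx])) {
+WOLFSSL_MSG("Signature algorithm was not in "
+"CertificateRequest");
+ERROR_OUT(INVALID_PARAMETER, exit_dcv);
+}
+
 DecodeSigAlg(&input[args->idx], &ssl->options.peerHashAlgo,
 &ssl->options.peerSigAlgo);
 args->idx += 2;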
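Review bot: The added `SupportedHashSigAlgo()` gate in the `TLS_ASYNC_BUILD` case checks the CertificateVerify algorithm against the locally configured list (its comment says `ssl->suites or ssl->ctx->suites`), while the log message and commit title describe it as membership in the CertificateRequest that was sent. Those are the same only if the CertificateRequest was built from that list and the list cannot change between sending the request and receiving CertificateVerify, which the hunk does not show. I would either record the list actually advertised and compare against that, or state the assumption next to the check, e.g. `/* Assumes CertificateRequest advertised exactly this hashSigAlgo list. */`. The enclosing function starts and ends outside the hunk, so the later key-type and signature checks are not visible here.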

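--- a/tests/api/test_tls.c
+++ b/tests/api/test_tls.c
@@ -345,3 +345,324 @@ int test_tls_certreq_order(void)
 return EXPECT_RESULT();
 }
 
+#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \
+!defined(NO_WOLFSSL_SERVER)
+/* Called when writing. */
+static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+(void)ssl;
+(void)buf;
+(void)ctx;
+
+return sz;
+}
+/* Called when reading. */
+static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
+int len = (int)msg->length;
+
+(void)ssl;
+(void)sz;
+
+/* Pass back as much of message as will fit in buffer. */
+if (len > sz)
+len = sz;
+XMEMCPY(buf, msg->buffer, len);
+/* Move over returned data. */
+msg->buffer += len;
+msg->length -= len;
+
+/* Amount actually copied. */
+return len;
+}
+#endif
+
+int test_tls12_bad_cv_sig_alg(void)
+{
+EXPECT_DECLS;
+#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \
+!defined(NO_WOLFSSL_SERVER)
+byte clientMsgs[] = {
+/* Client Hello */
+0x16, 0x03, 0x03, 0x00, 0xe7,
+0x01, 0x00, 0x00, 0xe3, 0x03, 0x03, 0x65, 0x27,
+0x41, 0xdf, 0xd9, 0x17, 0xdb, 0x02, 0x5c, 0x2e,
+0xf8, 0x4b, 0x77, 0x86, 0x5a, 0x20, 0x57, 0x7f,
+0xc0, 0xe7, 0xef, 0x8f, 0x56, 0xef, 0xfa, 0x71,
+0x36, 0xec, 0x55, 0x1d, 0x4e, 0xa2, 0x00, 0x00,
+0x64, 0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x30, 0xc0,
+0x2f, 0x00, 0x9f, 0x00, 0x9e, 0x00, 0xab, 0x00,
+0x34, 0x00, 0xa7, 0x00, 0xaa, 0xcc, 0xa9, 0xcc,
+0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0,
+0x28, 0xc0, 0x24, 0xc0, 0x0a, 0xc0, 0x09, 0xc0,
+0x07, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0,
+0xac, 0xc0, 0xae, 0xc0, 0xaf, 0x00, 0x6b, 0x00,
+0x67, 0x00, 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc,
+0x13, 0xcc, 0x15, 0xc0, 0x06, 0x00, 0xb3, 0x00,
+0xb2, 0xc0, 0xa6, 0xc0, 0xa7, 0xcc, 0xab, 0xcc,
+0xac, 0xcc, 0xad, 0xc0, 0x37, 0xd0, 0x01, 0x00,
+0xb5, 0xc0, 0x3a, 0x00, 0xb4, 0x00, 0x45, 0x00,
+0x88, 0x00, 0xbe, 0x00, 0xc4, 0x01, 0x00, 0x00,
+0x56, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06,
+0x03, 0x05, 0x03, 0x04, 0x03, 0x08, 0x07, 0x08,
+0x08, 0x08, 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08,
+0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, 0x05,
+0x01, 0x04, 0x01, 0x03, 0x01, 0x00, 0x0b, 0x00,
+0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x1c, 0x00,
+0x1a, 0x00, 0x19, 0x00, 0x1c, 0x00, 0x18, 0x00,
+0x1b, 0x00, 0x1e, 0x00, 0x17, 0x00, 0x16, 0x00,
+0x1a, 0x00, 0x1d, 0x00, 0x15, 0x00, 0x14, 0x01,
+0x01, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
+0x23, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00,
+/* Certificate */
+0x16, 0x03, 0x03, 0x05, 0x2b,
+0x0b, 0x00, 0x05, 0x27, 0x00, 0x05, 0x24, 0x00,
+0x05, 0x21, 0x30, 0x82, 0x05, 0x1d, 0x30, 0x82,
+0x04, 0x05, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+0x14, 0x4f, 0x0d, 0x8c, 0xc5, 0xfa, 0xee, 0xa2,
+0x9b, 0xb7, 0x35, 0x9e, 0xe9, 0x4a, 0x17, 0x99,
+0xf0, 0xcc, 0x23, 0xf2, 0xec, 0x30, 0x0d, 0x06,
+0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9e, 0x31,
+0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e,
+0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d,
+0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10,
+0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e,
+0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
+0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31,
+0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b,
+0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x61,
+0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30,
+0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c,
+0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d,
+0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
+0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17,
+0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32,
+0x31, 0x32, 0x35, 0x32, 0x39, 0x5a, 0x17, 0x0d,
+0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31,
+0x32, 0x35, 0x32, 0x39, 0x5a, 0x30, 0x81, 0x9e,
+0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07,
+0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
+0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61,
+0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55,
+0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66,
+0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38,
+0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04,
+0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72,
+0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32,
+0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06,
+0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
+0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30,
+0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82,
+0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
+0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3,
+0x03, 0xd1, 0x2b, 0xfe, 0x39, 0xa4, 0x32, 0x45,
+0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, 0x74,
+0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6,
+0xa6, 0x36, 0xb2, 0x07, 0x32, 0x8e, 0xd0, 0xba,
+0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, 0x81,
+0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb,
+0xa1, 0x75, 0xc8, 0x36, 0x2c, 0x4a, 0xd2, 0x1b,
+0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, 0xec,
+0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a,
+0xbf, 0x65, 0xcc, 0x7f, 0x65, 0x24, 0x69, 0xa6,
+0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, 0xc5,
+0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a,
+0x78, 0xe1, 0x01, 0x56, 0x56, 0x91, 0xa6, 0x13,
+0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, 0xef,
+0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1,
+0x3b, 0xf5, 0xf1, 0xa3, 0x4a, 0x35, 0xe4, 0xe1,
+0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, 0x97,
+0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf,
+0x20, 0x0b, 0x43, 0x14, 0xc5, 0x74, 0x67, 0xb4,
+0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, 0x40,
+0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22,
+0x17, 0xd7, 0x52, 0x65, 0x24, 0x73, 0xb0, 0xce,
+0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, 0x7b,
+0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50,
+0x6d, 0x3b, 0xa3, 0x3b, 0xa3, 0x99, 0x5e, 0x9d,
+0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, 0xd9,
+0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff,
+0x25, 0x4c, 0xc4, 0xd1, 0x79, 0xf4, 0x71, 0xd3,
+0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, 0x72,
+0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56,
+0x2f, 0xd7, 0x15, 0xf7, 0x7f, 0xc0, 0xae, 0xf5,
+0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, 0x02,
+0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f,
+0x30, 0x82, 0x01, 0x4b, 0x30, 0x1d, 0x06, 0x03,
+0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33,
+0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
+0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7,
+0x85, 0x65, 0xc0, 0x30, 0x81, 0xde, 0x06, 0x03,
+0x55, 0x1d, 0x23, 0x04, 0x81, 0xd6, 0x30, 0x81,
+0xd3, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7,
+0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27,
+0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0xa1,
+0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81, 0x9e,
+0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07,
+0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
+0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61,
+0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55,
+0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66,
+0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38,
+0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04,
+0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72,
+0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32,
+0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06,
+0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
+0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30,
+0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14,
+0x4f, 0x0d, 0x8c, 0xc5, 0xfa, 0xee, 0xa2, 0x9b,
+0xb7, 0x35, 0x9e, 0xe9, 0x4a, 0x17, 0x99, 0xf0,
+0xcc, 0x23, 0xf2, 0xec, 0x30, 0x0c, 0x06, 0x03,
+0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
+0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d,
+0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65,
+0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
+0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01,
+0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
+0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01,
+0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b,
+0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30,
+0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
+0x01, 0x01, 0x00, 0x46, 0xab, 0xe4, 0x6d, 0xae,
+0x49, 0x5b, 0x6a, 0x0b, 0xa9, 0x87, 0xe1, 0x95,
+0x32, 0xa6, 0xd7, 0xae, 0xde, 0x28, 0xdc, 0xc7,
+0x99, 0x68, 0xe2, 0x5f, 0xc9, 0x5a, 0x4c, 0x64,
+0xb8, 0xf5, 0x28, 0x42, 0x5a, 0xe8, 0x5c, 0x59,
+0x32, 0xfe, 0xd0, 0x1f, 0x0b, 0x55, 0x89, 0xdb,
+0x67, 0xe7, 0x78, 0xf3, 0x70, 0xcf, 0x18, 0x51,
+0x57, 0x8b, 0xf3, 0x2b, 0xa4, 0x66, 0x0b, 0xf6,
+0x03, 0x6e, 0x11, 0xac, 0x83, 0x52, 0x16, 0x7e,
+0xa2, 0x7c, 0x36, 0x77, 0xf6, 0xbb, 0x13, 0x19,
+0x40, 0x2c, 0xb8, 0x8c, 0xca, 0xd6, 0x7e, 0x79,
+0x7d, 0xf4, 0x14, 0x8d, 0xb5, 0xa4, 0x09, 0xf6,
+0x2d, 0x4c, 0xe7, 0xf9, 0xb8, 0x25, 0x41, 0x15,
+0x78, 0xf4, 0xca, 0x80, 0x41, 0xea, 0x3a, 0x05,
+0x08, 0xf6, 0xb5, 0x5b, 0xa1, 0x3b, 0x5b, 0x48,
+0xa8, 0x4b, 0x8c, 0x19, 0x8d, 0x6c, 0x87, 0x31,
+0x76, 0x74, 0x02, 0x16, 0x8b, 0xdd, 0x7f, 0xd1,
+0x11, 0x62, 0x27, 0x42, 0x39, 0xe0, 0x9a, 0x63,
+0x26, 0x31, 0x19, 0xce, 0x3d, 0x41, 0xd5, 0x24,
+0x47, 0x32, 0x0f, 0x76, 0xd6, 0x41, 0x37, 0x44,
+0xad, 0x73, 0xf1, 0xb8, 0xec, 0x2b, 0x6e, 0x9c,
+0x4f, 0x84, 0xc4, 0x4e, 0xd7, 0x92, 0x10, 0x7e,
+0x23, 0x32, 0xa0, 0x75, 0x6a, 0xe7, 0xfe, 0x55,
+0x95, 0x9f, 0x0a, 0xad, 0xdf, 0xf9, 0x2a, 0xa2,
+0x1a, 0x59, 0xd5, 0x82, 0x63, 0xd6, 0x5d, 0x7d,
+0x79, 0xf4, 0xa7, 0x2d, 0xdc, 0x8c, 0x04, 0xcd,
+0x98, 0xb0, 0x42, 0x0e, 0x84, 0xfa, 0x86, 0x50,
+0x10, 0x61, 0xac, 0x73, 0xcd, 0x79, 0x45, 0x30,
+0xe8, 0x42, 0xa1, 0x6a, 0xf6, 0x77, 0x55, 0xec,
+0x07, 0xdb, 0x52, 0x29, 0xca, 0x7a, 0xc8, 0xa2,
+0xda, 0xe9, 0xf5, 0x98, 0x33, 0x6a, 0xe8, 0xbc,
+0x89, 0xed, 0x01, 0xe2, 0xfe, 0x44, 0x86, 0x86,
+0x80, 0x39, 0xec,
+/* ClientKeyExchange */
+0x16, 0x03, 0x03, 0x00, 0x46,
+0x10, 0x00, 0x00, 0x42, 0x41, 0x04, 0xc5, 0xb9,
+0x0f, 0xbc, 0x84, 0xe6, 0x0c, 0x02, 0xa6, 0x8d,
+0x34, 0xa6, 0x3e, 0x1e, 0xb7, 0x88, 0xb8, 0x68,
+0x29, 0x2b, 0x85, 0x67, 0xe2, 0x62, 0x4d, 0xd9,
+0xa4, 0x38, 0xb3, 0xec, 0x33, 0xa1, 0xe5, 0xe1,
+0xae, 0xe9, 0x07, 0xd1, 0xea, 0x1b, 0xec, 0xa6,
+0xaf, 0x1f, 0x80, 0x87, 0x7c, 0x53, 0x80, 0x04,
+0xee, 0x20, 0xeb, 0x64, 0x0d, 0xa0, 0xf7, 0x62,
+0xb1, 0xcc, 0x73, 0x97, 0xf5, 0x80,
+/* CertificateVerify */
+0x16, 0x03, 0x03, 0x01, 0x08,
+/* 0x04 - sha256, changed to 0x02 - sha1 */
+0x0f, 0x00, 0x01, 0x04, 0x08, 0x02, 0x01, 0x00,
+0x8b, 0x09, 0xa4, 0x58, 0x8d, 0x68, 0xd9, 0xc9,
+0xef, 0xe9, 0xa5, 0x98, 0x7f, 0xa3, 0xa9, 0x7b,
+0x56, 0xf7, 0xaa, 0x5f, 0x8f, 0x47, 0x7f, 0xd0,
+0x7b, 0xcf, 0x4f, 0x84, 0xe1, 0xa9, 0x0e, 0xa8,
+0x83, 0x19, 0xd8, 0xb3, 0x97, 0x23, 0x98, 0xc5,
+0x2b, 0x56, 0x82, 0x66, 0x94, 0xcc, 0xd7, 0x23,
+0xe6, 0x6e, 0x60, 0x83, 0x78, 0xfb, 0xaf, 0x8e,
+0x8b, 0xae, 0x1f, 0x3c, 0x34, 0x96, 0x3b, 0xd5,
+0x8d, 0x1e, 0xaf, 0x98, 0x1d, 0x27, 0x86, 0x97,
+0x42, 0xd4, 0xfc, 0x62, 0xbc, 0x43, 0x94, 0x98,
+0x19, 0x26, 0x87, 0xb0, 0x8c, 0xb5, 0x22, 0xa7,
+0x6a, 0x5e, 0x56, 0x73, 0x0a, 0x75, 0xc9, 0xb9,
+0x0e, 0xf7, 0x49, 0x4f, 0xa2, 0x0f, 0xfb, 0xdf,
+0x3e, 0xe4, 0xc8, 0x31, 0x26, 0xc5, 0x5c, 0x83,
+0x9f, 0x13, 0xcb, 0x4c, 0xdc, 0x21, 0xe6, 0x24,
+0x2d, 0xd3, 0xe8, 0x18, 0x04, 0xaf, 0x5c, 0x42,
+0x03, 0xa3, 0x0a, 0xb5, 0xfc, 0xb9, 0xbc, 0x8e,
+0xd3, 0xe0, 0x78, 0xdc, 0xef, 0xb9, 0x91, 0x9f,
+0x5b, 0xdc, 0xe3, 0x84, 0xd2, 0xca, 0x32, 0x33,
+0x00, 0x7c, 0x13, 0xd3, 0x2d, 0x85, 0x65, 0x00,
+0xc0, 0xb0, 0xde, 0x85, 0x37, 0x38, 0x18, 0xd2,
+0x81, 0xd4, 0x35, 0xeb, 0xf1, 0xfb, 0x9f, 0x6c,
+0x96, 0x95, 0xf5, 0xaa, 0xfd, 0x22, 0xca, 0x20,
+0xfd, 0x3b, 0xa9, 0xa7, 0xb6, 0x5a, 0x26, 0x02,
+0xb6, 0x0e, 0xdd, 0xaa, 0x0f, 0xa8, 0x96, 0x18,
+0xaa, 0xb1, 0x79, 0x9c, 0x17, 0xb0, 0x7e, 0xa7,
+0x4f, 0xc0, 0x98, 0x27, 0xbe, 0xac, 0x00, 0xda,
+0x3b, 0x2e, 0xd4, 0x11, 0x41, 0x54, 0x34, 0x53,
+0x5f, 0xc5, 0xcd, 0x72, 0xd7, 0x36, 0x04, 0xe1,
+0x7f, 0xcf, 0x1e, 0x01, 0x97, 0xec, 0xeb, 0xad,
+0x1c, 0xc6, 0x7f, 0x2d, 0x8c, 0x68, 0x29, 0xd1,
+0x93, 0x47, 0x59, 0xc0, 0xe2, 0x4a, 0x36, 0x6c
+};
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
+WOLFSSL_BUFFER_INFO msg;
+
+/* Set up wolfSSL context. */
+ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
+ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
+CERT_FILETYPE));
+ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+CERT_FILETYPE));
+if (EXPECT_SUCCESS()) {
+wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+}
+/* Read from 'msg'. */
+wolfSSL_SetIORecv(ctx, CsRecv);
+/* No where to send to - dummy sender. */
+wolfSSL_SetIOSend(ctx, CsSend);
+
+ExpectNotNull(ssl = wolfSSL_new(ctx));
+msg.buffer = clientMsgs;
+msg.length = (unsigned int)sizeof(clientMsgs);
+if (EXPECT_SUCCESS()) {
+wolfSSL_SetIOReadCtx(ssl, &msg);
+}
+/* Read all message include CertificateVerify with invalid signature
+* algorithm. */
+ExpectIntEQ(wolfSSL_accept(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+/* Expect an invalid parameter error. */
+ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), -425);
+wolfSSL_free(ssl);
+wolfSSL_CTX_free(ctx);
+#endif
+return EXPECT_RESULT();
+}
+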
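Review bot: `ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), -425);` in `test_tls12_bad_cv_sig_alg` pins the rejection to a bare number, so a reader cannot tell that it is the `INVALID_PARAMETER` raised by the new check in src/internal.c, and this assertion is the only thing showing the handshake failed on the signature algorithm rather than on some other parse error in the canned transcript. Use the named code, as the line above already does for `WOLFSSL_FATAL_ERROR`: `ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), WC_NO_ERR_TRACE(INVALID_PARAMETER));`. In `CsRecv`, `(void)sz;` is stale because `sz` is used a few lines later to clamp the copy; dropping it keeps the bound on `XMEMCPY` obvious.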

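--- a/tests/api/test_tls.h
+++ b/tests/api/test_tls.h
@@ -28,13 +28,15 @@ int test_tls13_unexpected_ccs(void);
 int test_tls12_curve_intersection(void);
 int test_tls13_curve_intersection(void);
 int test_tls_certreq_order(void);
+int test_tls12_bad_cv_sig_alg(void);
 
 #define TEST_TLS_DECLS \
 TEST_DECL_GROUP("tls", test_utils_memio_move_message), \
 TEST_DECL_GROUP("tls", test_tls12_unexpected_ccs), \
 TEST_DECL_GROUP("tls", test_tls13_unexpected_ccs), \
 TEST_DECL_GROUP("tls", test_tls12_curve_intersection), \
 TEST_DECL_GROUP("tls", test_tls13_curve_intersection), \
-TEST_DECL_GROUP("tls", test_tls_certreq_order)
+TEST_DECL_GROUP("tls", test_tls_certreq_order), \
+TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg)
 
-#endif /* TESTS_API_TEST_TLS_EMS_H */
+#endif /* TESTS_API_TEST_TLS_H */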
