sig_algs: fix typo in client's sig_algs check

This bug caused the client to accept sig_algs used by the server that
it explicitly wanted to disallow.

Signed-off-by: Janos Follath <janos.follath@arm.com>
Janos Follath
2026-01-23 16:22:50 +00:00
parent d8868c432f
commit d7b85b76a6

@@ -1910,8 +1910,8 @@ start_processing:
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(
sig_alg, &pk_alg, &md_alg) != 0 &&
!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) &&
sig_alg, &pk_alg, &md_alg) != 0 ||
!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) ||
!mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) {
MBEDTLS_SSL_DEBUG_MSG(1,
("bad server key exchange message"));
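
Review bot: The corrected condition in this hunk has no accompanying regression test in the visible change, so nothing stops the `&&` form from coming back. Consider adding a handshake test in which the server signs its key exchange with a sig_alg the client did not offer, and asserting that the client rejects it. A second, smaller point: the parse failure, the `mbedtls_ssl_sig_alg_is_offered` failure and the `mbedtls_ssl_sig_alg_is_supported` failure all log the same "bad server key exchange message" text, so including the received `sig_alg` value in the debug output would let someone reading the log tell which algorithm was refused.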