diff options
| author | David Benjamin <davidben@google.com> | 2024-04-17 11:57:44 -0400 |
|---|---|---|
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-06-17 22:07:27 +0000 |
| commit | e1d209d4432846d28c31d84f269f4edcb9a63509 (patch) | |
| tree | fe7138085a1fd0a65c68cc8d535f13fdd24919d5 /include | |
| parent | 9cac8a6b38c1cbd45c77aee108411d588da006fe (diff) | |
| download | boringssl-e1d209d4432846d28c31d84f269f4edcb9a63509.zip boringssl-e1d209d4432846d28c31d84f269f4edcb9a63509.tar.gz boringssl-e1d209d4432846d28c31d84f269f4edcb9a63509.tar.bz2 | |
Send a consistent alert when the peer sends a bad signature algorithm
I noticed that runner tests had a very weird test expectation on the
alerts sent around sigalg failures. I think this was an (unimportant)
bug on our end.
If the peer picks a sigalg that we didn't advertise, we send
illegal_parameter. However, it if picks an advertised sigalg that is
invalid in context (protocol version, public key), we end up catching it
very late in ssl_public_key_verify (by way of setup_ctx) and sending
decrypt_error.
Instead, have tls12_check_peer_sigalg check this so we consistently send
illegal_parameter. (Probably this should all fold into
ssl_public_key_verify with an alert out_param, but so it goes.)
Change-Id: I09fb84e9c1ee39b2683fa0b67dd6135d31f51c97
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69367
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions