Need to move sigalg check down because it does not consider hybrids.

anhu · anhu · commit a765bbdb7999 · 2025-11-26T13:31:21.000-05:00
diff --git a/src/tls13.c b/src/tls13.c
@@ -10215,18 +10215,6 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
 
-            validSigAlgo = 0;
-            for (i = 0; i < suites->hashSigAlgoSz; i += 2) {
-                 if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) &&
-                         (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) {
-                     validSigAlgo = 1;
-                     break;
-                 }
-            }
-            if (!validSigAlgo) {
-                ERROR_OUT(INVALID_PARAMETER, exit_dcv);
-            }
-
 #ifdef WOLFSSL_DUAL_ALG_CERTS
             if (ssl->peerSigSpec == NULL) {
                 /* The peer did not respond. We didn't send CKS or they don't
@@ -10243,6 +10231,18 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_NATIVE ||
                 *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) {
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
+                validSigAlgo = 0;
+                for (i = 0; i < suites->hashSigAlgoSz; i += 2) {
+                     if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) &&
+                             (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) {
+                         validSigAlgo = 1;
+                         break;
+                     }
+                }
+                if (!validSigAlgo) {
+                    ERROR_OUT(INVALID_PARAMETER, exit_dcv);
+                }
+
                 ret = DecodeTls13SigAlg(input + args->idx,
                         &ssl->options.peerHashAlgo, &ssl->options.peerSigAlgo);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
