TLSv1.3 certificate verify: report rsa_pss_pss_* signature algorithm when supported #9443
src/ssl_load.c
Outdated
| } | ||
| #ifdef WC_RSA_PSS | ||
| if (ssl) | ||
| ssl->ctx->useRsaPss = (cert->keyOID == RSAPSSk) ? 1U : 0U; |
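Review bot: the guard tests `ssl`, but the assignment on the last added line writes through `ssl->ctx`, so loading a certificate for a single connection changes `useRsaPss` on the context that connection came from. Because the ternary also stores 0, loading a non-PSS certificate on one `ssl` clears the flag on that context, and a call with `ssl` NULL never sets the flag at all. Consider storing the flag on the object the certificate is actually loaded into: `ssl->useRsaPss` under `if (ssl)`, the context's field on the context-only path, with the connection object taking its initial value from the context when it is created.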
Add the field to WOLFSSL.
Don't modify the WOLFSSL_CTX when the certificate is only for the SSL.
Everywhere that uses ssl in this function checks if it is non-NULL first, and it looked to me that this function could be called with ssl NULL and only ctx set. I was trying to support all calls to this, but maybe I only need to support the calls where ssl is not NULL to set this flag?
If I move the useRsaPss flag to struct WOLFSSL, then the issue is broken again and rsa_pss_rsae_sha256 is reported instead of rsa_pss_pss_sha256.
If the certificate with RSA-PSS OID goes against 'ssl' and not 'ctx', then updating 'ctx' is wrong.
Did I misunderstand the code?
Are you checking the 'ssl' field after adding, and are you copying the field from 'ctx' on creation of the WOLFSSL object?
Description
Report rsa_pss_pss_* signature algorithm instead of rsa_pss_rsae_* when both sides support it and the key/cert in use is RSA-PSS.
Fixes ZD#20812
Testing
Captured TLSv1.3 traffic with Wireshark and verified that the Certificate Verify message now reports rsa_pss_pss_sha256 when it previously reported rsa_pss_rsae_sha256.
Checklist
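
The selection rule stated in the description, as an added example (not wolfSSL's code and not part of this PR): RFC 8446 defines the rsa_pss_rsae_* code points for keys carried under the rsaEncryption OID and rsa_pss_pss_* for keys under the RSASSA-PSS OID. The names `cert_key_type` and `pick_cert_verify_scheme` are hypothetical, and the policy of taking the first usable scheme in the peer's order, and returning 0 rather than falling back, is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* SignatureScheme code points from RFC 8446, section 4.2.3. */
enum {
    RSA_PSS_RSAE_SHA256 = 0x0804, RSA_PSS_RSAE_SHA384 = 0x0805,
    RSA_PSS_RSAE_SHA512 = 0x0806, RSA_PSS_PSS_SHA256  = 0x0809,
    RSA_PSS_PSS_SHA384  = 0x080a, RSA_PSS_PSS_SHA512  = 0x080b
};
/* Hypothetical key-type tag for this example; not wolfSSL's keyOID values. */
typedef enum { KEY_RSA_ENCRYPTION, KEY_RSASSA_PSS } cert_key_type;

/* rsae schemes pair with rsaEncryption keys, pss schemes with RSASSA-PSS keys. */
static int scheme_matches_key(uint16_t scheme, cert_key_type kt)
{
    if (scheme >= RSA_PSS_RSAE_SHA256 && scheme <= RSA_PSS_RSAE_SHA512)
        return kt == KEY_RSA_ENCRYPTION;
    if (scheme >= RSA_PSS_PSS_SHA256 && scheme <= RSA_PSS_PSS_SHA512)
        return kt == KEY_RSASSA_PSS;
    return 0; /* other schemes are out of scope for this example */
}

/* Walk a signature_algorithms body (2-byte length, then 2-byte code points in
 * peer preference order); return the first scheme usable with the key, or 0. */
uint16_t pick_cert_verify_scheme(const uint8_t *ext, size_t len, cert_key_type kt)
{
    size_t list_len, i;
    if (ext == NULL || len < 2)
        return 0;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2 || (list_len & 1) != 0)
        return 0; /* malformed: length mismatch or odd byte count */
    for (i = 2; i < len; i += 2) {
        uint16_t s = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        if (scheme_matches_key(s, kt))
            return s;
    }
    return 0; /* peer offered nothing this key can sign with */
}

/* Constructed samples; 0x0403 is ecdsa_secp256r1_sha256. */
static const uint8_t peer_both[] = { 0x00, 0x06, 0x04, 0x03, 0x08, 0x04, 0x08, 0x09 };
static const uint8_t peer_rsae_only[] = { 0x00, 0x04, 0x04, 0x03, 0x08, 0x04 };
int main(void)
{
    printf("0x%04x\n", (unsigned)pick_cert_verify_scheme(peer_both, sizeof peer_both, KEY_RSASSA_PSS));
    printf("0x%04x\n", (unsigned)pick_cert_verify_scheme(peer_rsae_only, sizeof peer_rsae_only, KEY_RSASSA_PSS));
    return 0;
}
```

The second sample is the case the phrase "when both sides support it" covers: the peer never offered a pss scheme, so the RSA-PSS key has nothing to select.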