Check key type against selected key exchange
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 267e385..605d466 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1394,6 +1394,19 @@
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
         }
 
+        if( pk_alg != POLARSSL_PK_NONE )
+        {
+            if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
+            {
+                SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+                return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+            }
+        }
+        else
+        {
+            pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+        }
+
         sig_len = ( p[0] << 8 ) | p[1];
         p += 2;
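Review bot: The new mismatch branch logs the same "bad server key exchange message" text as the failure path just above it, so debug output cannot tell a server that signed with a key type the ciphersuite does not permit from a malformed message. A distinct text would make this visible, e.g. `SSL_DEBUG_MSG( 1, ( "server key exchange: signature key type does not match ciphersuite" ) );`. The else branch appears to cover the case where no signature algorithm was parsed from the message, and a short comment such as `/* no algorithm on the wire: use the key type implied by the ciphersuite */` would record that. That branch also relies on ssl_get_ciphersuite_sig_pk_alg() returning a real key type; if it can return POLARSSL_PK_NONE for the suites reaching this point, pk_alg stays NONE going into the signature handling below. This should be confirmed against the enclosing condition, which lies outside the hunk.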