authorPeter Dettman <peter.dettman@bouncycastle.org>2015-12-18 14:37:17 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-12-18 14:37:17 +0700
commit67acfffc68a2483dc3ca48a3a95fa132d6910107 (patch)
tree2c5b15e6f914dde1ddd1e0fee156bbc60792ed5c /crypto
parentAdd .userprefs to ignore list (diff)
downloadBouncyCastle.NET-ed25519-67acfffc68a2483dc3ca48a3a95fa132d6910107.tar.xz
Check CertificateRequest syntax server-side
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/tls/DtlsServerProtocol.cs3
-rw-r--r--crypto/src/crypto/tls/TlsServerProtocol.cs3
2 files changed, 6 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs
index e2e9eddfc..c556d6320 100644
--- a/crypto/src/crypto/tls/DtlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs
@@ -156,6 +156,9 @@ namespace Org.BouncyCastle.Crypto.Tls
                 state.certificateRequest = state.server.GetCertificateRequest();
                 if (state.certificateRequest != null)
                 {
+                    if (TlsUtilities.IsTlsV12(state.serverContext) != (state.certificateRequest.SupportedSignatureAlgorithms != null))
+                        throw new TlsFatalAlert(AlertDescription.internal_error);
+
                     state.keyExchange.ValidateCertificateRequest(state.certificateRequest);
 
                     byte[] certificateRequestBody = GenerateCertificateRequest(state, state.certificateRequest);
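Review bot: The added condition at the top of the `if (state.certificateRequest != null)` block encodes a protocol rule as a bare boolean inequality with no comment, and the identical line is added in the TlsServerProtocol.cs hunk. A comment above each would make the intent auditable, e.g. `// RFC 5246 7.4.4: supported_signature_algorithms must be present for TLS 1.2 and absent for earlier versions`. The test distinguishes only null from non-null, so a non-null but empty list would pass at this point; whether that case is rejected elsewhere (the CertificateRequest type or its encoder) is not visible here and is worth confirming. Since the same check now lives in both server protocols, a small shared helper would keep the two from drifting apart. The enclosing method starts and ends outside the hunk.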
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 5716c0cd1..1b790c9e0 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -200,6 +200,9 @@ namespace Org.BouncyCastle.Crypto.Tls
                         this.mCertificateRequest = mTlsServer.GetCertificateRequest();
                         if (this.mCertificateRequest != null)
                         {
+                            if (TlsUtilities.IsTlsV12(Context) != (mCertificateRequest.SupportedSignatureAlgorithms != null))
+                                throw new TlsFatalAlert(AlertDescription.internal_error);
+
                             this.mKeyExchange.ValidateCertificateRequest(mCertificateRequest);
 
                             SendCertificateRequestMessage(mCertificateRequest);