fixup universal verify on tls 1.3 client verify
tomato42 committed Sep 19, 2019
1 parent fbaac86 commit d2ee9b1
Showing 1 changed file with 11 additions and 16 deletions.
27 changes: 11 additions & 16 deletions tlslite/tlsconnection.py
Expand Up @@ -2663,28 +2663,23 @@ def _serverTLS13Handshake(self, settings, clientHello, cipherSuite,

if signature_scheme[1] == SignatureAlgorithm.ecdsa:
hash_name = HashAlgorithm.toRepr(signature_scheme[0])
if not public_key.verify_digest(certificate_verify.signature,
signature_context,
sigdecode_der):
for result in self._sendError(
AlertDescription.decrypt_error,
"signature verification failed"):
yield result
pad_type = None
salt_len = None
else:
scheme = SignatureScheme.toRepr(signature_scheme)
pad_type = SignatureScheme.getPadding(scheme)
hash_name = SignatureScheme.getHash(scheme)
salt_len = getattr(hashlib, hash_name)().digest_size

if not public_key.verify(certificate_verify.signature,
signature_context,
pad_type,
hash_name,
salt_len):
for result in self._sendError(
AlertDescription.decrypt_error,
"signature verification failed"):
yield result
if not public_key.verify(certificate_verify.signature,
signature_context,
pad_type,
hash_name,
salt_len):
for result in self._sendError(
AlertDescription.decrypt_error,
"signature verification failed"):
yield result

# as both exporter and resumption master secrets include handshake
# transcript, we need to derive them early
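Review bot: With the ECDSA branch now routed through the generic `public_key.verify` (`pad_type=None`, `salt_len=None`) instead of `verify_digest(..., sigdecode_der)`, nothing in the hunk shows that a malformed ECDSA signature (bad DER, wrong length) comes back as `False` rather than as an exception; if the backend raises, a client-supplied bad CertificateVerify would abort the handshake with a traceback instead of the `decrypt_error` alert sent here, so confirm `verify`'s contract or catch the backend's error and route it to the same `_sendError`. Separately, RFC 8446 §4.2.3 requires the key type and, for ECDSA, the curve to match the negotiated scheme and forbids RSA PKCS#1 v1.5 in CertificateVerify; that enforcement is presumably done where `signature_scheme` is chosen, outside this hunk, and a comment above the `if` would make the assumption explicit: `# key type/curve and the TLS 1.3 scheme allow-list are enforced when the scheme is selected; here we only check the signature bytes`. `_serverTLS13Handshake` begins before and continues past this hunk.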