From d2ee9b13d8166992f7f723958a81d574b2856104 Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Fri, 5 Apr 2019 15:53:16 +0200
Subject: [PATCH] fixup universal verify on tls 1.3 client verify
---
 tlslite/tlsconnection.py | 27 +++++++++++---------------
 1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 0ed5fd37..f99f84a0 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -2663,28 +2663,23 @@ def _serverTLS13Handshake(self, settings, clientHello, cipherSuite,
 if signature_scheme[1] == SignatureAlgorithm.ecdsa:
 hash_name = HashAlgorithm.toRepr(signature_scheme[0])
- if not public_key.verify_digest(certificate_verify.signature,
- signature_context,
- sigdecode_der):
- for result in self._sendError(
- AlertDescription.decrypt_error,
- "signature verification failed"):
- yield result
+ pad_type = None
+ salt_len = None
 else:
 scheme = SignatureScheme.toRepr(signature_scheme)
 pad_type = SignatureScheme.getPadding(scheme)
 hash_name = SignatureScheme.getHash(scheme)
 salt_len = getattr(hashlib, hash_name)().digest_size
- if not public_key.verify(certificate_verify.signature,
- signature_context,
- pad_type,
- hash_name,
- salt_len):
- for result in self._sendError(
- AlertDescription.decrypt_error,
- "signature verification failed"):
- yield result
+ if not public_key.verify(certificate_verify.signature,
+ signature_context,
+ pad_type,
+ hash_name,
+ salt_len):
+ for result in self._sendError(
+ AlertDescription.decrypt_error,
+ "signature verification failed"):
+ yield result
 # as both exporter and resumption master secrets include handshake
 # transcript, we need to derive them early
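Review bot: In the ECDSA branch, `pad_type = None` and `salt_len = None` exist only to give the shared `public_key.verify(...)` call its arguments, and nothing in the hunk says so. I would add a comment above them, e.g. `# ECDSA has no padding or salt; verify() is expected to ignore these`, so a reader does not have to guess whether `None` carries meaning. The change also moves DER decoding of the client's signature, previously the explicit `sigdecode_der` argument, into the key object's `verify()`, which is outside this hunk. It is worth confirming, ideally with a regression test, that a malformed or invalid ECDSA CertificateVerify signature makes `verify()` return False rather than raise, so the peer still receives `decrypt_error`. `_serverTLS13Handshake` starts and ends outside the hunk.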