RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 18:27:39 +00:00
Code Issues Activity Actions

LibTLS: Add signature verification for DHE and ECDHE key exchange

Browse source 
This will verify that the signature of the ephemeral key used in the
DHE and ECDHE key exchanges is actually generated by the server.

This verification is done using the first certificate provided by the
server, however the validity of this certificate is not checked here.
Instead this code expects the validity to be checked earlier by
`TLSv12::handle_certificate`.
This commit is contained in:
Michiel Visser 2022-02-18 10:58:56 +01:00 committed by Ali Mohammad Pur
parent be138474c5
commit 898be38517
5 changed files with 108 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibTLS/Handshake.cpp
View file

@ -489,6 +489,11 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
write_packet(packet);
break;
}
case Error::NotSafe: {
auto packet = build_alert(true, (u8)AlertDescription::DecryptError);
write_packet(packet);
break;
}
case Error::NeedMoreData:
// Ignore this, as it's not an "error"
dbgln_if(TLS_DEBUG, "More data needed");