This commit fixes a critical issue in the ECDH_ANON key exchange. When
MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED is enabled, a TLS client could
bypass signature verification, which would create a security hole.
Change-Id: I6123552ab3e899919a6fc046a5c4600a3d1b9ca2
Signed-off-by: Junyeon LEE <junyeon2.lee@samsung.com>
// Anonim cipher suite without sign, ecdh param only
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED)
- goto exit;
+ if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ANON) {
+ goto exit;
+ }
#endif
/*
* Read signature
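Review bot: The comment above the new guard (`// Anonim cipher suite without sign, ecdh param only`) does not state the invariant that the old unconditional `goto exit;` broke: only the ECDH_ANON key exchange may skip the signature check. I would replace it with `/* ECDH_ANON sends no ServerKeyExchange signature: skip verification for this key exchange only; all other suites must reach the signature check below. */`. An anonymous suite gives the client no server authentication, so it is also worth confirming outside this hunk that `ciphersuite_info` is the suite negotiated for this handshake and that anonymous suites are offered only when explicitly configured. A regression test that negotiates a signed suite in a build with MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED defined, and checks that a bad signature is rejected, would keep this from regressing. The enclosing function starts and ends outside the hunk.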