wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
A vulnerability exists in wolfSSL's handling of TLS 1.2 client authentication. In TLS 1.2, a server that requests a client certificate lists the hash and signature algorithm pairs it will accept in the supported_signature_algorithms field of its CertificateRequest, and RFC 5246 section 7.4.8 requires that the SignatureAndHashAlgorithm the client uses in CertificateVerify be one of those pairs and be compatible with the key in the client's end-entity certificate. wolfSSL's TLS 1.2 implementation did not properly validate this: a client could sign CertificateVerify with any digest algorithm it supported, including weaker ones, rather than one from the list in the CertificateRequest, and the chosen algorithm was not properly checked against the peer's key.
The practical effect is that the CertificateVerify signature can be computed over a weaker digest than the server's policy allows (for example SHA-1 where the server listed only SHA-256 or stronger), so the server cannot enforce a minimum digest strength for client authentication in TLS 1.2 connections.
To reproduce this vulnerability, run a TLS 1.2 server that requests client authentication with a CertificateRequest whose supported_signature_algorithms list contains only strong digests (for example SHA-256 and SHA-384), then connect with a client that signs its CertificateVerify using a hash and signature pair absent from that list (for example rsa/sha1). Note that the relevant field is the signature_algorithm carried in CertificateVerify, not the algorithm the client certificate itself was signed with. Capture the handshake and inspect that field: an affected server accepts the CertificateVerify and completes the handshake, whereas a correct implementation rejects it.
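The following Python is an added illustration of the check described above, written for this page; it is not wolfSSL code and does not mirror wolfSSL's internal structure. It parses a TLS 1.2 CertificateRequest and CertificateVerify and applies the RFC 5246 section 7.4.8 rule (the client's SignatureAndHashAlgorithm must be in the server's offered list and must match the client's key type). The handshake messages are constructed inline for the example, the signature bytes are dummies, and the code performs only the algorithm-policy check, not signature verification. The function names and the assumed client key type are illustrative.

```python
import struct

# Code points from RFC 5246 section 7.4.1.4.1
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
HS_CERTIFICATE_REQUEST = 13
HS_CERTIFICATE_VERIFY = 15


def hs_body(msg, expected_type):
    """Strip the 4-byte handshake header (msg_type, uint24 length) and return the body."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    msg_type = msg[0]
    length = int.from_bytes(msg[1:4], "big")
    if msg_type != expected_type:
        raise ValueError(f"expected handshake type {expected_type}, got {msg_type}")
    if len(msg) != 4 + length:
        raise ValueError("handshake length mismatch")
    return msg[4:]


def parse_certificate_request(body):
    """CertificateRequest (RFC 5246 7.4.4): certificate_types<1..2^8-1>,
    supported_signature_algorithms<2..2^16-2>, certificate_authorities<0..2^16-1>.
    Returns (certificate_types, [(hash, sig), ...], certificate_authorities)."""
    off = 0
    n_types = body[off]; off += 1
    if n_types == 0 or off + n_types > len(body):
        raise ValueError("bad certificate_types")
    cert_types = list(body[off:off + n_types]); off += n_types
    (alg_len,) = struct.unpack_from("!H", body, off); off += 2
    if alg_len < 2 or alg_len % 2 or off + alg_len > len(body):
        raise ValueError("bad supported_signature_algorithms length")
    offered = [(body[i], body[i + 1]) for i in range(off, off + alg_len, 2)]
    off += alg_len
    (ca_len,) = struct.unpack_from("!H", body, off); off += 2
    cas = body[off:off + ca_len]; off += ca_len
    if off != len(body):
        raise ValueError("trailing bytes in CertificateRequest")
    return cert_types, offered, cas


def parse_certificate_verify(body):
    """CertificateVerify carries a DigitallySigned: SignatureAndHashAlgorithm
    (hash byte, signature byte) followed by opaque signature<0..2^16-1>."""
    if len(body) < 4:
        raise ValueError("truncated CertificateVerify")
    chosen = (body[0], body[1])
    (sig_len,) = struct.unpack_from("!H", body, 2)
    if len(body) != 4 + sig_len:
        raise ValueError("signature length mismatch")
    return chosen, body[4:]


def check_certificate_verify_algorithm(chosen, offered, client_key_sig_alg):
    """The server-side check RFC 5246 7.4.8 requires: the client's choice MUST be one
    of the pairs the server offered in CertificateRequest and MUST be compatible with
    the client's end-entity key. Returns (accepted, reason). Signature bytes are not
    verified here; a real server does that only after this check passes."""
    name = f"{SIG_NAMES.get(chosen[1], chosen[1])}/{HASH_NAMES.get(chosen[0], chosen[0])}"
    if chosen not in offered:
        return False, f"{name} not in CertificateRequest supported_signature_algorithms"
    if chosen[1] != client_key_sig_alg:
        return False, f"{name} does not match client key type {SIG_NAMES.get(client_key_sig_alg)}"
    return True, f"{name} accepted"


def server_accepts(cert_request_msg, cert_verify_msg, client_key_sig_alg):
    """Apply the check to a CertificateRequest/CertificateVerify pair from one handshake."""
    _, offered, _ = parse_certificate_request(hs_body(cert_request_msg, HS_CERTIFICATE_REQUEST))
    chosen, _ = parse_certificate_verify(hs_body(cert_verify_msg, HS_CERTIFICATE_VERIFY))
    return check_certificate_verify_algorithm(chosen, offered, client_key_sig_alg)


def hs_msg(msg_type, body):
    """Wrap a body in a TLS handshake header (constructed test data helper)."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed sample messages (not captured from wolfSSL). The server offers only
# SHA-256/SHA-384 pairs; one client answers with rsa/sha1, the other with rsa/sha256.
CERT_REQUEST = hs_msg(HS_CERTIFICATE_REQUEST,
    bytes([0x02, 0x01, 0x40])                                   # certificate_types: rsa_sign, ecdsa_sign
    + bytes([0x00, 0x06, 0x04, 0x01, 0x04, 0x03, 0x05, 0x01])   # rsa/sha256, ecdsa/sha256, rsa/sha384
    + bytes([0x00, 0x00]))                                      # no certificate_authorities
WEAK_VERIFY = hs_msg(HS_CERTIFICATE_VERIFY, bytes([0x02, 0x01, 0x00, 0x04]) + b"\xde\xad\xbe\xef")
GOOD_VERIFY = hs_msg(HS_CERTIFICATE_VERIFY, bytes([0x04, 0x01, 0x00, 0x04]) + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    # Assumed client key type: rsa (1). The weak choice must be refused, the good one accepted.
    for label, msg in (("rsa/sha1", WEAK_VERIFY), ("rsa/sha256", GOOD_VERIFY)):
        print(label, server_accepts(CERT_REQUEST, msg, client_key_sig_alg=1))
```

When replaying a real capture, feed `server_accepts` the raw handshake messages (header included) and the signature algorithm of the client's certificate key; an affected server is one that completes the handshake for a pair this check refuses.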
Users should update to a wolfSSL release in which this issue has been addressed, so that the TLS 1.2 code validates the CertificateVerify signature algorithm against the CertificateRequest list and the client's key as RFC 5246 requires.