Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs

Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2025-07-29 11:41:15 +03:00 · 2022-11-21 10:09:57 +00:00
parent 821d862159 f6e342cae2
commit 9e1836cc16
4 changed files with 45 additions and 10 deletions
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@ -2654,7 +2654,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
    for( size_t i = 0; i < sig_alg_len; i += 2 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "Supported Signature Algorithm found: %d,%d",
+            ( "Supported Signature Algorithm found: %02x %02x",
              sig_alg[i], sig_alg[i + 1]  ) );
    }
 #endif
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -2531,10 +2531,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
            continue;

-        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+        /* Write elements at offsets starting from 1 (offset 0 is for the
+         * length). Thus the offset of each element is the length of the
+         * partial list including that element. */
        sa_len += 2;
+        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+
    }

+    /* Fill in list length. */
    MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
    sa_len += 2;
    p += sa_len;