From 96a0fd951f8995b381ba31b104ce971b0c56007a Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 8 Nov 2022 17:09:56 +0000
Subject: [PATCH] Fix signature algorithms list entry getting overwritten by length.

Fix bug whereby the supported signature algorithm list sent by the server in the certificate request would not leave enough space for the length to be written, and thus the first element would get overwritten, leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott
---
 ChangeLog.d/fix-tls12server-sent-sigalgs.txt | 5 +++++
 library/ssl_tls12_server.c | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/fix-tls12server-sent-sigalgs.txt
diff --git a/ChangeLog.d/fix-tls12server-sent-sigalgs.txt b/ChangeLog.d/fix-tls12server-sent-sigalgs.txt
new file mode 100644
index 0000000000..9abde2b521
--- /dev/null
+++ b/ChangeLog.d/fix-tls12server-sent-sigalgs.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a bug whereby the the list of signature algorithms sent as part of the
+ TLS 1.2 server certificate request would get corrupted, meaning the first
+ algorithm would not get sent and an entry consisting of two random bytes
+ would be sent instead. Found by Serban Bejan and Dudek Sebastian.
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 71f703c7ff..3dab2467c6 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2531,10 +2531,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue;
- MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+ /* Write elements at offsets starting from 1 (offset 0 is for the
+ * length). Thus the offset of each element is the length of the
+ * partial list including that element. */
 sa_len += 2;
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+ }
+ /* Fill in list length. */
 MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
 sa_len += 2;
 p += sa_len;
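Review bot: The element write in the loop, `MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );`, now lands two bytes further into the buffer than before, and nothing in this hunk bounds `p + sa_len + 2` against the end of the outgoing message. The loop header and the rest of the function are outside the hunk, so a guard may already exist there, but it should be confirmed that it budgets for the two length bytes as well as the entries. The new comment counts offsets in two-byte elements while the macro's third argument is a byte offset, so I would word it as `/* Entry i goes at byte offset 2*i + 2; bytes 0-1 are reserved for the list length. */`. The old code sent two bytes the commit message calls random (presumably whatever the output buffer held) as a signature algorithm, and the diffstat shows no test file. A regression test that parses the CertificateRequest and compares the advertised list with the configured one would keep this from returning.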