Fix signature algorithms list entry getting overwritten by length. Fix bug whereby the supported signature algorithm list sent by the server in the certificate request would not leave enough space for the length to be written, and thus the first element would get overwritten, leaving two random bytes in the last entry. Signed-off-by: Paul Elliott <paul.elliott@arm.com>

commit: 96a0fd951f8995b381ba31b104ce971b0c56007a [log] [tgz]
author: Paul Elliott <paul.elliott@arm.com> Tue Nov 08 17:09:56 2022 +0000
committer: Paul Elliott <paul.elliott@arm.com> Thu Nov 17 14:58:14 2022 +0000
tree: 9f8c4c9a7f552a0163ccf510429f1311ec3f1954
parent: 9f1ecadc4087fd6af90727023db59cd236c608e1 [diff]
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 71f703c..3dab246 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -2531,10 +2531,15 @@
         if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
             continue;
 
-        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+        /* Write elements at offsets starting from 1 (offset 0 is for the
+         * length). Thus the offset of each element is the length of the
+         * partial list including that element. */
         sa_len += 2;
+        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+
     }
 
+    /* Fill in list length. */
     MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
     sa_len += 2;
     p += sa_len;
commit	96a0fd951f8995b381ba31b104ce971b0c56007a	[log] [tgz]
author	Paul Elliott <paul.elliott@arm.com>	Tue Nov 08 17:09:56 2022 +0000
committer	Paul Elliott <paul.elliott@arm.com>	Thu Nov 17 14:58:14 2022 +0000
tree	9f8c4c9a7f552a0163ccf510429f1311ec3f1954
parent	9f1ecadc4087fd6af90727023db59cd236c608e1 [diff]