From 1226590c888917cb6cb9ec2546f46d2a85f5deda Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Mon, 9 May 2022 16:43:21 +0200
Subject: [PATCH] Explicitly set invalid value for the end of the signiture
 algorithm set

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 library/ssl_tls12_server.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 6d07e267f..14dc8e1f7 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1632,13 +1632,14 @@ read_record_header:
         uint16_t *set = ssl->handshake->received_sig_algs;
         const uint16_t sig_algs[] = {
             MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 )
-            MBEDTLS_TLS_SIG_NONE
         };
+        const uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE;
         size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] );
 
-        if( count <= MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
+        if( count < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
         {
             memcpy( set, sig_algs, sizeof( sig_algs ) );
+            memcpy( &set[count], &invalid_sig_alg, sizeof( sig_algs[0] ) );
         }
         else
         {
@@ -1647,7 +1648,7 @@ read_record_header:
 
             memcpy( set, sig_algs, size );
             memcpy( &set[MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1],
-                    &sig_algs[count - 1], sizeof( sig_algs[0] ) );
+                    &invalid_sig_alg, sizeof( sig_algs[0] ) );
         }
     }