From 5cb5144deb0af3545611a0cabf70adddaa2babe9 Mon Sep 17 00:00:00 2001
From: Marc Worrell <marc@worrell.nl>
Date: Mon, 24 Feb 2025 16:36:14 +0100
Subject: [PATCH] ssl: Fix filtering unassigned signature algorithms

---
 lib/ssl/src/ssl_cipher.erl           |  6 +++-
 lib/ssl/test/ssl_handshake_SUITE.erl | 45 ++++++++++++++++++++++++++--
 2 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 6926a324de16..31c684bf6a26 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -615,7 +615,11 @@ signature_scheme(?ECDSA_SHA1) -> ecdsa_sha1;
 signature_scheme(SignAlgo) when is_integer(SignAlgo) ->
     <<?BYTE(Hash),?BYTE(Sign)>> = <<?UINT16(SignAlgo)>>,
     try
-        {ssl_cipher:hash_algorithm(Hash), ssl_cipher:sign_algorithm(Sign)}
+        case {hash_algorithm(Hash), sign_algorithm(Sign)} of
+            {unassigned, _} -> unassigned;
+            {_, unassigned} -> unassigned;
+            Scheme -> Scheme
+        end
     catch
         _:_ ->
             unassigned
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 27c80c49a95e..2184748cd205 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -52,7 +52,8 @@
          decode_empty_server_sni_correctly/1,
          select_proper_tls_1_2_rsa_default_hashsign/1,
          ignore_hassign_extension_pre_tls_1_2/1,
-         signature_algorithms/1]).
+         signature_algorithms/1,
+         drop_unassigned_signature_algorithms/1]).
 
 %%--------------------------------------------------------------------
 %% Common Test interface functions -----------------------------------
@@ -66,7 +67,8 @@ all() -> [decode_hello_handshake,
 	  decode_empty_server_sni_correctly,
 	  select_proper_tls_1_2_rsa_default_hashsign,
 	  ignore_hassign_extension_pre_tls_1_2,
-	  signature_algorithms].
+	  signature_algorithms,
+      drop_unassigned_signature_algorithms].
 
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
@@ -245,6 +247,45 @@ signature_algorithms(Config) ->
                  tls_v1:default_signature_algs([?TLS_1_2]),
                  ?TLS_1_2).
 
+drop_unassigned_signature_algorithms(_Config) ->
+    %% Be sure the algo is unsupported
+    unassigned = ssl_cipher:hash_algorithm(223),
+    %% TLS client_hello handshake with unsupported signature algorithm
+    HelloBin0 = <<1,0,1,213,3,3,224,80,22,53,173,24,195,236,126,90,97,19,120,89,229,186,70,120,73,252,215,184,142,50,134,16,84,4,
+                  60,7,89,231,32,129,11,71,132,248,183,203,23,252,145,42,154,69,82,123,172,213,137,7,235,105,178,140,163,11,186,
+                  106,97,230,22,179,162,0,24,19,2,19,3,19,1,192,44,192,43,192,48,192,47,192,36,192,35,192,40,192,39,0,255,1,0,1,
+                  116,0,0,0,26,0,24,0,0,21,119,119,119,46,120,120,120,120,120,120,120,120,120,120,120,120,120,46,99,111,109,0,11,
+                  0,4,3,0,1,2,0,10,0,22,0,20,0,29,0,23,0,30,0,25,0,24,1,0,1,1,1,2,1,3,1,4,0,35,0,0,0,5,0,5,1,0,0,0,0,0,22,0,0,0,
+                  23,0,0,0,13,0,48,0,46,
+
+                  %% Supported signature algorithms:
+                  %% 4,3,5,3,6,3,8,7,8,8,8,26,8,27,8,28,8,9,8,10,8,11,8,4,8,5,8,6,4,1,5,1,6,1,3,3,3,1,3,2,4,2,5,2,6,2,
+
+                  %% Set unsupported signature algorithms (223,223):
+                  4,3,5,3,6,3,8,7,8,8,8,26,8,27,8,28,8,9,8,10,8,11,8,4,8,5,8,6,4,1,5,1,6,1,3,3,3,1,3,2,4,2,5,2,223,223,
+
+                  0,43,0,5,4,3,4,3,3,0,45,0,2,1,1,0,51,0,38,0,36,0,29,0,32,47,17,161,47,68,184,145,148,24,172,153,151,195,
+                  110,139,12,220,63,236,88,142,36,222,42,38,251,239,157,84,148,59,72,0,41,0,174,0,121,0,115,155,62,93,115,44,106,
+                  248,45,157,98,128,178,116,82,6,153,40,143,250,26,61,154,21,37,97,52,44,76,181,32,9,130,18,163,173,131,135,62,34,
+                  125,9,104,15,168,70,134,222,96,240,76,224,24,171,110,210,0,100,181,11,26,114,24,20,67,59,24,77,88,26,204,134,155,
+                  215,203,165,155,208,45,62,191,254,6,93,167,80,22,127,195,83,180,179,88,215,195,34,30,75,189,239,50,178,76,124,235,
+                  131,68,99,57,184,107,52,232,202,165,172,75,222,53,218,0,49,48,6,136,165,215,98,30,34,60,138,162,178,39,219,246,245,
+                  246,13,234,49,176,137,24,44,148,232,172,43,211,254,1,240,203,195,248,114,78,172,157,19,100,239,81,106,115,231,255,
+                  168,20>>,
+    <<?BYTE(Type), ?UINT24(_Length), Body/binary>> = HelloBin0,
+    #client_hello{
+        extensions = #{ signature_algs := #signature_algorithms{signature_scheme_list = SigAlgs} }
+    } = tls_handshake:decode_handshake(?TLS_1_3, Type, Body),
+    false = lists:any(
+        fun
+            (unassigned) -> true;
+            ({unassigned, _}) -> true;
+            ({_, unassigned}) -> true;
+            (_) -> false
+        end,
+        SigAlgs).
+
+
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------