Interop testing fixes

Fix TLS13 cipher suite name to CHACHA20
Include SignatureAlgorithm in older versions of TLS when compiling for
TLS v1.3.
BIT STRING unused bits doesn't necessarily indicate last unused bit.
Fix ecc_dsa_sa_algo value.

scripts/tls13.test

@@ -162,7 +162,7 @@ echo ""
 # TLS 1.3 cipher suites server / client.
 echo -e "\n\nOnly TLS v1.3 cipher suites"
 port=0
-./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACH20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
+./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
 server_pid=$!
 create_port
 ./examples/client/client -v 4 -p $port
@@ -210,7 +210,7 @@ echo ""
 # TLS 1.3 cipher suites server / client.
 echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
 port=0
-./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACH20-POLY1305-SHA256 &
+./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
 server_pid=$!
 create_port
 ./examples/client/client -v 4 -p $port

src/internal.c

@@ -13621,7 +13621,7 @@ static const char* const cipher_names[] =
 #endif
 
 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
-    "TLS13-CHACH20-POLY1305-SHA256",
+    "TLS13-CHACHA20-POLY1305-SHA256",
 #endif
 
 #ifdef BUILD_TLS_AES_128_CCM_SHA256
@@ -14655,9 +14655,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
                 }
             #endif /* WOLFSSL_DTLS */
 
-                suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
+                suites->suites[idx++] = (XSTRSTR(name, "TLS13"))  ? TLS13_BYTE
+                                      : (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
                                       : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
-                                      : (XSTRSTR(name, "TLS13"))  ? TLS13_BYTE
                                       : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                       : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                       : 0x00; /* normal */

src/tls.c

@@ -4428,7 +4428,8 @@ static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
  */
 static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
 {
-    int cnt = 0;
+    WOLFSSL* ssl = (WOLFSSL*)data;
+    int      cnt = 0;
 
     (void)data;
 
@@ -4446,6 +4447,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
         cnt++;
     #endif
     #ifdef WC_RSA_PSS
+        if (IsAtLeastTLSv1_3(ssl->version)) {
         #ifndef NO_SHA256
             cnt++;
         #endif
@@ -4455,6 +4457,7 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
         #ifdef HAVE_SHA512
             cnt++;
         #endif
+        }
     #endif
 #endif
 
@@ -4487,9 +4490,9 @@ static word16 TLSX_SignatureAlgorithms_GetSize(byte* data)
  */
 static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
 {
-    int idx = OPAQUE16_LEN;
+    WOLFSSL* ssl = (WOLFSSL*)data;
+    int      idx = OPAQUE16_LEN;
 
-    (void)data;
 
 #ifndef NO_RSA
     #ifndef NO_SHA1
@@ -4509,6 +4512,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
         output[idx++] = 0x01;
     #endif
     #ifdef WC_RSA_PSS
+        if (IsAtLeastTLSv1_3(ssl->version)) {
         #ifndef NO_SHA256
             output[idx++] = 0x08;
             output[idx++] = 0x04;
@@ -4521,6 +4525,7 @@ static word16 TLSX_SignatureAlgorithms_Write(byte* data, byte* output)
             output[idx++] = 0x08;
             output[idx++] = 0x06;
         #endif
+        }
     #endif
 #endif
 
@@ -7065,17 +7070,17 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
     } /* is not server */
 
     #ifdef WOLFSSL_TLS13
+        WOLFSSL_MSG("Adding signature algorithms extension");
+        if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl,
+                                               ssl->heap)) != 0)
+            return ret;
+
         if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
             /* Add mandatory TLS v1.3 extension: supported version */
             WOLFSSL_MSG("Adding supported versions extension");
             if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
                                                  ssl->heap)) != 0)
                 return ret;
-            /* Add TLS v1.3 extension: signature algorithms */
-            WOLFSSL_MSG("Adding signature algorithms extension");
-            if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, NULL,
-                                                   ssl->heap)) != 0)
-                return ret;
 
             /* Add FFDHE supported groups. */
     #ifdef HAVE_FFDHE_2048
@@ -7201,9 +7206,10 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
         QSH_VALIDATE_REQUEST(ssl, semaphore);
         WOLF_STK_VALIDATE_REQUEST(ssl);
 #if defined(WOLFSSL_TLS13)
+        if (!IsAtLeastTLSv1_2(ssl))
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
         if (!IsAtLeastTLSv1_3(ssl->version)) {
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
-            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
     #ifndef NO_PSK
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
@@ -7252,9 +7258,10 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
         WOLF_STK_VALIDATE_REQUEST(ssl);
         QSH_VALIDATE_REQUEST(ssl, semaphore);
 #if defined(WOLFSSL_TLS13)
+        if (!IsAtLeastTLSv1_2(ssl))
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
         if (!IsAtLeastTLSv1_3(ssl->version)) {
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
-            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
     #ifndef NO_PSK
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
@@ -7637,7 +7644,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
             case TLSX_SIGNATURE_ALGORITHMS:
                 WOLFSSL_MSG("Signature Algorithms extension received");
 
-                if (!IsAtLeastTLSv1_3(ssl->version))
+                if (!IsAtLeastTLSv1_2(ssl))
                     break;
 
                 if (IsAtLeastTLSv1_3(ssl->version) &&

wolfcrypt/src/asn.c

@@ -1005,8 +1005,6 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
     if (b != 0) {
         if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
             return ASN_PARSE_E;
-        if (((input[idx + length - 1] >> b) & 0x01) != 0x01)
-            return ASN_PARSE_E;
     }
     idx++;
     length--; /* length has been checked for greater than 0 */

wolfssl/internal.h

@@ -2348,7 +2348,7 @@ enum SignatureAlgorithm {
     anonymous_sa_algo = 0,
     rsa_sa_algo       = 1,
     dsa_sa_algo       = 2,
-    ecc_dsa_sa_algo   = 4,
+    ecc_dsa_sa_algo   = 3,
     rsa_pss_sa_algo   = 8
 };