diff options
| author | tb <> | 2020-05-09 14:02:24 +0000 |
|---|---|---|
| committer | tb <> | 2020-05-09 14:02:24 +0000 |
| commit | 34e6d9a25c5b927d958c8283776ec93b9c531ef5 (patch) | |
| tree | fff7967e1d027f04aec4f8383b301aed09e9dd1c | |
| parent | 09c6812a2299fc6ddfccf33df96d6405ff0721a7 (diff) | |
| download | openbsd-34e6d9a25c5b927d958c8283776ec93b9c531ef5.tar.gz openbsd-34e6d9a25c5b927d958c8283776ec93b9c531ef5.tar.bz2 openbsd-34e6d9a25c5b927d958c8283776ec93b9c531ef5.zip | |
Make the test for the legacy_compression_method vector in the ClientHello
stricter. Previously, we would accept any vector if it advertised the
"null" compression method. RFC 8446 4.1.2 specifies that the only legal
vector has length one and contains a zero byte for the null method.
ok jsing
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 313c5026d0..2fe5428b71 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.37 2020/05/09 10:51:55 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.38 2020/05/09 14:02:24 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -89,6 +89,8 @@ tls13_client_hello_is_legacy(CBS *cbs) | |||
| 89 | return (max_version < TLS1_3_VERSION); | 89 | return (max_version < TLS1_3_VERSION); |
| 90 | } | 90 | } |
| 91 | 91 | ||
| 92 | static const uint8_t tls13_compression_null_only[] = { 0 }; | ||
| 93 | |||
| 92 | static int | 94 | static int |
| 93 | tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) | 95 | tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) |
| 94 | { | 96 | { |
| @@ -96,8 +98,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 96 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 98 | STACK_OF(SSL_CIPHER) *ciphers = NULL; |
| 97 | const SSL_CIPHER *cipher; | 99 | const SSL_CIPHER *cipher; |
| 98 | uint16_t legacy_version; | 100 | uint16_t legacy_version; |
| 99 | uint8_t compression_method; | 101 | int alert_desc; |
| 100 | int alert_desc, comp_null; | ||
| 101 | SSL *s = ctx->ssl; | 102 | SSL *s = ctx->ssl; |
| 102 | int ret = 0; | 103 | int ret = 0; |
| 103 | 104 | ||
| @@ -155,15 +156,9 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) | |||
| 155 | } | 156 | } |
| 156 | S3I(s)->hs.new_cipher = cipher; | 157 | S3I(s)->hs.new_cipher = cipher; |
| 157 | 158 | ||
| 158 | /* Ensure they advertise the NULL compression method. */ | 159 | /* Ensure only the NULL compression method is advertised. */ |
| 159 | comp_null = 0; | 160 | if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, |
| 160 | while (CBS_len(&compression_methods) > 0) { | 161 | sizeof(tls13_compression_null_only))) { |
| 161 | if (!CBS_get_u8(&compression_methods, &compression_method)) | ||
| 162 | goto err; | ||
| 163 | if (compression_method == 0) | ||
| 164 | comp_null = 1; | ||
| 165 | } | ||
| 166 | if (!comp_null) { | ||
| 167 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; | 162 | ctx->alert = SSL_AD_ILLEGAL_PARAMETER; |
| 168 | goto err; | 163 | goto err; |
| 169 | } | 164 | } |