From 34e6d9a25c5b927d958c8283776ec93b9c531ef5 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 9 May 2020 14:02:24 +0000 Subject: Make the test for the legacy_compression_method vector in the ClientHello stricter. Previously, we would accept any vector if it advertised the "null" compression method. RFC 8446 4.1.2 specifies that the only legal vector has length one and contains a zero byte for the null method. ok jsing --- src/lib/libssl/tls13_server.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 313c5026d0..2fe5428b71 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.37 2020/05/09 10:51:55 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.38 2020/05/09 14:02:24 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -89,6 +89,8 @@ tls13_client_hello_is_legacy(CBS *cbs) return (max_version < TLS1_3_VERSION); } +static const uint8_t tls13_compression_null_only[] = { 0 }; + static int tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) { @@ -96,8 +98,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) STACK_OF(SSL_CIPHER) *ciphers = NULL; const SSL_CIPHER *cipher; uint16_t legacy_version; - uint8_t compression_method; - int alert_desc, comp_null; + int alert_desc; SSL *s = ctx->ssl; int ret = 0; @@ -155,15 +156,9 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } S3I(s)->hs.new_cipher = cipher; - /* Ensure they advertise the NULL compression method. */ - comp_null = 0; - while (CBS_len(&compression_methods) > 0) { - if (!CBS_get_u8(&compression_methods, &compression_method)) - goto err; - if (compression_method == 0) - comp_null = 1; - } - if (!comp_null) { + /* Ensure only the NULL compression method is advertised. */ + if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, + sizeof(tls13_compression_null_only))) { ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } -- cgit v1.2.3-55-g6feb