From cccb618be044d2a2e6a7e3dac3dfe94e798ae774 Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 9 May 2020 14:02:24 +0000 Subject: Make the test for the legacy_compression_method vector in the ClientHello stricter. Previously, we would accept any vector if it advertised the "null" compression method. RFC 8446 4.1.2 specifies that the only legal vector has length one and contains a zero byte for the null method. ok jsing --- lib/libssl/tls13_server.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'lib/libssl/tls13_server.c') diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 313c5026d02..2fe5428b718 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.37 2020/05/09 10:51:55 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.38 2020/05/09 14:02:24 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -89,6 +89,8 @@ tls13_client_hello_is_legacy(CBS *cbs) return (max_version < TLS1_3_VERSION); } +static const uint8_t tls13_compression_null_only[] = { 0 }; + static int tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) { @@ -96,8 +98,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) STACK_OF(SSL_CIPHER) *ciphers = NULL; const SSL_CIPHER *cipher; uint16_t legacy_version; - uint8_t compression_method; - int alert_desc, comp_null; + int alert_desc; SSL *s = ctx->ssl; int ret = 0; @@ -155,15 +156,9 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } S3I(s)->hs.new_cipher = cipher; - /* Ensure they advertise the NULL compression method. */ - comp_null = 0; - while (CBS_len(&compression_methods) > 0) { - if (!CBS_get_u8(&compression_methods, &compression_method)) - goto err; - if (compression_method == 0) - comp_null = 1; - } - if (!comp_null) { + /* Ensure only the NULL compression method is advertised. */ + if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, + sizeof(tls13_compression_null_only))) { ctx->alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } -- cgit v1.2.3-59-g8ed1b