It is illegal in a TLSv1.3 ClientHello to send anything other than the
NULL compression method. We should send an alert if we find anything else
there. Previously we were ignoring this error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3410)
* algorithms from the client, starting at q.
*/
s->s3->tmp.new_compression = NULL;
* algorithms from the client, starting at q.
*/
s->s3->tmp.new_compression = NULL;
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We already checked above that the NULL compression method appears in
+ * the list. Now we check there aren't any others (which is illegal in
+ * a TLSv1.3 ClientHello.
+ */
+ if (clienthello->compressions_len != 1) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ goto err;
+ }
+ }
#ifndef OPENSSL_NO_COMP
/* This only happens if we have a cache hit */
#ifndef OPENSSL_NO_COMP
/* This only happens if we have a cache hit */
- if (s->session->compress_meth != 0 && !SSL_IS_TLS13(s)) {
+ else if (s->session->compress_meth != 0) {
int m, comp_id = s->session->compress_meth;
unsigned int k;
/* Perform sanity checks on resumed compression algorithm */
int m, comp_id = s->session->compress_meth;
unsigned int k;
/* Perform sanity checks on resumed compression algorithm */
}
} else if (s->hit) {
comp = NULL;
}
} else if (s->hit) {
comp = NULL;
- } else if (ssl_allow_compression(s) && s->ctx->comp_methods
- && !SSL_IS_TLS13(s)) {
+ } else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
/* See if we have a match */
int m, nn, v, done = 0;
unsigned int o;
/* See if we have a match */
int m, nn, v, done = 0;
unsigned int o;
projects / openssl.git / commitdiff