Ensure that we never select compression in TLSv1.3
authorMatt Caswell <matt@openssl.org>
Wed, 1 Mar 2017 10:36:38 +0000 (10:36 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 2 Mar 2017 16:49:28 +0000 (16:49 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2814)

ssl/statem/statem_clnt.c
ssl/statem/statem_srvr.c

index 1943f55..abddc0a 100644 (file)
@@ -1105,7 +1105,9 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
         return 0;
     }
 #ifndef OPENSSL_NO_COMP
-    if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+    if (ssl_allow_compression(s)
+            && s->ctx->comp_methods
+            && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {
         int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
         for (i = 0; i < compnum; i++) {
             comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
index 26c37c7..39e0f59 100644 (file)
@@ -1736,7 +1736,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *al)
     s->s3->tmp.new_compression = NULL;
 #ifndef OPENSSL_NO_COMP
     /* This only happens if we have a cache hit */
-    if (s->session->compress_meth != 0) {
+    if (s->session->compress_meth != 0 && !SSL_IS_TLS13(s)) {
         int m, comp_id = s->session->compress_meth;
         unsigned int k;
         /* Perform sanity checks on resumed compression algorithm */
@@ -1770,9 +1770,10 @@ static int tls_early_post_process_client_hello(SSL *s, int *al)
                    SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
             goto err;
         }
-    } else if (s->hit)
+    } else if (s->hit) {
         comp = NULL;
-    else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+    } else if (ssl_allow_compression(s) && s->ctx->comp_methods
+                   && !SSL_IS_TLS13(s)) {
         /* See if we have a match */
         int m, nn, v, done = 0;
         unsigned int o;