commit b6e7331739d79650dacfbabfa4536257578978ea
author Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Jun 11 18:44:48 2024 +0100
committer Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Jun 11 18:45:40 2024 +0100
tree 2d66e5e56d2ff3f957b057de57c11a5afd68bf4e
parent 797991dd517141d0c0e45fc40bd481f89f330184

Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index f5ef920..ca3ea53 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1265,6 +1265,8 @@
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     int hrr_required = 0;
     int no_usable_share_for_key_agreement = 0;
+    unsigned char legacy_compression_methods_len;
+    unsigned char legacy_compression_methods;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
     int got_psk = 0;
@@ -1362,6 +1364,13 @@
     p += cipher_suites_len;
     cipher_suites_end = p;
 
+    legacy_compression_methods_len = *p;
+    legacy_compression_methods = *(p+1);
+
+    if (legacy_compression_methods_len != 1 || legacy_compression_methods != 0) {
+        return SSL_CLIENT_HELLO_TLS1_2;
+    }
+
     /*
      * Search for the supported versions extension and parse it to determine
      * if the client supports TLS 1.3.