mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 15:40:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()

Browse Source 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2024-06-11 18:44:48 +01:00
parent 28cdd11908
commit 41e0cdf8c1
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_tls13_server.c
View File

@ -1265,6 +1265,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
int hrr_required = 0;
int no_usable_share_for_key_agreement = 0;
unsigned char legacy_compression_methods_len;
unsigned char legacy_compression_methods;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
int got_psk = 0;
@ -1362,6 +1364,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
p += cipher_suites_len;
cipher_suites_end = p;
legacy_compression_methods_len = *p;
legacy_compression_methods = *(p+1);
if (legacy_compression_methods_len != 1 || legacy_compression_methods != 0) {
return SSL_CLIENT_HELLO_TLS1_2;
}
/*
* Search for the supported versions extension and parse it to determine
* if the client supports TLS 1.3.