Merge pull request #9244 from waleed-elmelegy-arm/fix-tls13_parse_client_hello-issue

Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()
2025-03-16 04:20:49 +00:00 · 2024-08-22 18:56:27 +00:00 · 2024-08-22 18:56:27 +00:00 · 805ac15e2d
commit 805ac15e2d
parent d65f4b83f0 344f79bde6
3 changed files with 26 additions and 4 deletions
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ b/ChangeLog.d/fix-legacy-compression-issue.txt
@ -0,0 +1,6 @@
+Bugfix
+   * Fixes an issue where some TLS 1.2 clients could not connect to an
+     Mbed TLS 3.6.0 server, due to incorrect handling of
+     legacy_compression_methods in the ClientHello.
+     fixes #8995, #9243.
+
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1355,19 +1355,23 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
     * compression methods and the length of the extensions.
     *
     * cipher_suites                cipher_suites_len bytes
-     * legacy_compression_methods                   2 bytes
-     * extensions_len                               2 bytes
+     * legacy_compression_methods length            1 byte
     */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 2 + 2);
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 1);
    p += cipher_suites_len;
    cipher_suites_end = p;

+    /* Check if we have enough data for legacy_compression_methods
+     * and the length of the extensions (2 bytes).
+     */
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p + 1, end, p[0] + 2);
+
    /*
     * Search for the supported versions extension and parse it to determine
     * if the client supports TLS 1.3.
     */
    ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts(
-        ssl, p + 2, end,
+        ssl, p + 1 + p[0], end,
        &supported_versions_data, &supported_versions_data_end);
    if (ret < 0) {
        MBEDTLS_SSL_DEBUG_RET(1,
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -14142,6 +14142,18 @@ run_test    "TLS 1.3: no HRR in case of PSK key exchange mode" \
            -c "Selected key exchange mode: psk$" \
            -c "HTTP/1.0 200 OK"

+# Legacy_compression_methods testing
+
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test    "TLS 1.2 ClientHello indicating support for deflate compression method" \
+            "$P_SRV debug_level=3" \
+            "$G_CLI  --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \
+            0 \
+            -c "Handshake was completed" \
+            -s "dumping .client hello, compression. (2 bytes)"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG