Forbid unsolicited CompressedCertificate message

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

diff --git a/lib/ext/compress_certificate.c b/lib/ext/compress_certificate.c
index 2d0baa626292516d3a1ec0c98d318446a89e4191..66dd9e9275116a5c8012ecd6799f313e37283e41 100644 (file)
--- a/lib/ext/compress_certificate.c
+++ b/lib/ext/compress_certificate.c
@@ -263,6 +263,8 @@ _gnutls_compress_certificate_send_params(gnutls_session_t session,
        if (ret < 0)
                return gnutls_assert_val(ret);
 
+       session->internals.hsk_flags |= HSK_COMP_CRT_REQ_SENT;
+
        return bytes_len + 1;
 }
 

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 19da7fcee8dc042dbe45c1b59f827e8c6d69938e..567d34f365e3795be23f23a21adc65711dc2a148 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1357,6 +1357,7 @@ typedef struct {
 #define HSK_HRR_SENT (1<<3)
 #define HSK_HRR_RECEIVED (1<<4)
 #define HSK_CRT_REQ_SENT (1<<5)
+#define HSK_COMP_CRT_REQ_SENT (1<<6) /* whether certificate compression has been requested */
 #define HSK_KEY_UPDATE_ASKED (1<<7) /* flag is not used during handshake */
 #define HSK_FALSE_START_USED (1<<8) /* TLS1.2 only */
 #define HSK_HAVE_FFDHE (1<<9) /* whether the peer has advertized at least an FFDHE group */

diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 065bb9a62ad18e19da43a1ce4e1b725628dccdac..4059db38decc002959e568293e2027d945f2f285 100644 (file)
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -60,7 +60,7 @@ int _gnutls13_recv_certificate(gnutls_session_t session)
        if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
                /* check if we received compressed certificate */
                err = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, 0, &buf);
-               if (err >= 0) {
+               if (err >= 0 && (session->internals.hsk_flags & HSK_COMP_CRT_REQ_SENT)) {
                        decompress_cert = 1;
                        ret = err;
                }