Remove uses of SSL compression
Remove or modify current uses of session compression.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ca8d6ff..e027458 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8046,7 +8046,6 @@
* Basic mandatory fields
*/
used += 2 /* ciphersuite */
- + 1 /* compression */
+ 1 /* id_len */
+ sizeof( session->id )
+ sizeof( session->master )
@@ -8057,8 +8056,6 @@
MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
p += 2;
- *p++ = MBEDTLS_BYTE_0( session->compression );
-
*p++ = MBEDTLS_BYTE_0( session->id_len );
memcpy( p, session->id, 32 );
p += 32;
@@ -8202,14 +8199,12 @@
/*
* Basic mandatory fields
*/
- if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
+ if( 2 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ciphersuite = ( p[0] << 8 ) | p[1];
p += 2;
- session->compression = *p++;
-
session->id_len = *p++;
memcpy( session->id, p, 32 );
p += 32;
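Review bot: Dropping the compression byte changes the serialized session layout, so a blob written with the previous layout would be parsed one byte out of step here, with the old compression byte landing in `session->id_len`; the matching writer-side removals are in the hunks at -8046 and -8057. Whether the serialization header check (not visible in this diff) rejects such blobs should be confirmed, and any layout comment on the save function updated to match. Independently of that, nothing in this hunk bounds the loaded length, so a guard such as `if( session->id_len > sizeof( session->id ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` after the read would keep later users of `id_len` within the 32-byte buffer. The function continues outside the hunk, so a later check may already exist.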
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 2405208..8a10969 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1413,7 +1413,6 @@
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
ssl->session_negotiate->ciphersuite != i ||
- ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||
memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
{
@@ -1423,7 +1422,6 @@
ssl->session_negotiate->start = mbedtls_time( NULL );
#endif
ssl->session_negotiate->ciphersuite = i;
- ssl->session_negotiate->compression = comp;
ssl->session_negotiate->id_len = n;
memcpy( ssl->session_negotiate->id, buf + 35, n );
}
@@ -1486,8 +1484,7 @@
}
#endif
- if( comp != MBEDTLS_SSL_COMPRESS_NULL
- )
+ if( comp != MBEDTLS_SSL_COMPRESS_NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message(
@@ -1496,7 +1493,6 @@
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- ssl->session_negotiate->compression = comp;
ext = buf + 40 + n;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 4e18e62..bc32327 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1298,7 +1298,10 @@
buf + ciph_offset + 2, ciph_len );
/*
- * Check the compression algorithms length and pick one
+ * Check the compression algorithm's length.
+ * The list contents are ignored because implementing
+ * MBEDTLS_SSL_COMPRESS_NULL is mandatory and is the only
+ * option supported by Mbed TLS.
*/
comp_offset = ciph_offset + 2 + ciph_len;
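Review bot: The new comment documents that the client's compression list is never inspected, which means a ClientHello that omits the null method is still accepted and answered with null compression. TLS 1.2 requires the offered list to contain the null method, so a strict server could reject such a hello once `comp_len` has been validated, e.g. `if( memchr( buf + comp_offset + 1, MBEDTLS_SSL_COMPRESS_NULL, comp_len ) == NULL )` followed by the same alert-and-return path used for other malformed hellos. If the leniency is intentional for interoperability, the comment should say so explicitly rather than only stating that the contents are ignored. The length validation itself sits outside this hunk.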
@@ -1317,12 +1320,6 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression",
buf + comp_offset + 1, comp_len );
- ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
- /* See comments in ssl_write_client_hello() */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
-#endif
/*
* Check the extension length
*/
@@ -2180,8 +2177,7 @@
if( ret != 0 )
goto exit;
- if( session->ciphersuite != session_tmp.ciphersuite ||
- session->compression != session_tmp.compression )
+ if( session->ciphersuite != session_tmp.ciphersuite )
{
/* Mismatch between cached and negotiated session */
goto exit;
@@ -2331,12 +2327,12 @@
MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
p += 2;
- *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression );
+ *p++ = MBEDTLS_BYTE_0( MBEDTLS_SSL_COMPRESS_NULL );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
- (unsigned int) ssl->session_negotiate->compression ) );
+ (unsigned int) MBEDTLS_SSL_COMPRESS_NULL ) );
/*
* First write extensions, then the total length
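Review bot: The level-3 debug message `server hello, compress alg.: 0x%02X` now formats a compile-time constant, so it can no longer report anything but the null method. Either drop the message or keep it deliberately for log compatibility and say so in a comment. The write above it would read more directly as `*p++ = MBEDTLS_SSL_COMPRESS_NULL;` with a comment such as `/* compression_method: always null, session compression is not supported */`, since wrapping a single-byte constant in `MBEDTLS_BYTE_0( ... )` adds nothing. The enclosing function starts and ends outside the hunk.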