When parsing the "running mode" flags tls13, it was found that in "PSK-DHE" mode, the flags would be set incorrectly. Since "PSK" is a substring of "PSK-DHE" and when the flags were sent during processing of "PSK-DHE" requests, both FLAG_OP_TLS13_RUNNING_MODE_PSK and FLAG_OP_TLS13_RUNNING_MODE_PSKDHE were set when they shouldn't be which causes parsing issues.
We have a fix coming which modifies this check to match sure the strings do an exact case-insensitive match.
smuellerDD
commented
3 years ago
When parsing the "running mode" flags tls13, it was found that in "PSK-DHE" mode, the flags would be set incorrectly. Since "PSK" is a substring of "PSK-DHE" and when the flags were sent during processing of "PSK-DHE" requests, both FLAG_OP_TLS13_RUNNING_MODE_PSK and FLAG_OP_TLS13_RUNNING_MODE_PSKDHE were set when they shouldn't be which causes parsing issues.
We have a fix coming which modifies this check to match sure the strings do an exact case-insensitive match.
Function with bug https://github.com/smuellerDD/acvpparser/blob/master/parser/parser_common.c#L491
"running mode" strings for TLS13 https://github.com/smuellerDD/acvpparser/blob/master/parser/parser_common.c#L693
relevant parser_flags https://github.com/smuellerDD/acvpparser/blob/master/parser/parser_flags.h#L181