From: Alessandro Ghedini Date: Fri, 25 Sep 2015 15:53:58 +0000 (+0200) Subject: Increment size limit for ClientHello messages X-Git-Tag: OpenSSL_1_1_0-pre6~842 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8a18bc25883bd6e6ac1268e42190250c564ba024;p=oweals%2Fopenssl.git Increment size limit for ClientHello messages The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/413) --- diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 4507357abf..90b9d2dfac 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -747,6 +747,23 @@ int ossl_statem_server_construct_message(SSL *s) return 0; } +/* + * Maximum size (excluding the Handshake header) of a ClientHello message, + * calculated as follows: + * + * 2 + # client_version + * 32 + # only valid length for random + * 1 + # length of session_id + * 32 + # maximum size for session_id + * 2 + # length of cipher suites + * 2^16-2 + # maximum length of cipher suites array + * 1 + # length of compression_methods + * 2^8-1 + # maximum length of compression methods + * 2 + # length of extensions + * 2^16-1 # maximum length of extensions + */ +#define CLIENT_HELLO_MAX_LENGTH 131396 + #define CLIENT_KEY_EXCH_MAX_LENGTH 2048 #define NEXT_PROTO_MAX_LENGTH 514 @@ -760,7 +777,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s) switch(st->hand_state) { case TLS_ST_SR_CLNT_HELLO: - return SSL3_RT_MAX_PLAIN_LENGTH; + return CLIENT_HELLO_MAX_LENGTH; case TLS_ST_SR_CERT: return s->max_cert_list;