git.librecmc.org Git - oweals/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Mon, 15 May 2017 10:24:24 +0000 (11:24 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 17 May 2017 09:40:04 +0000 (10:40 +0100)
commit	bd990e2535ca387def9a01218a813dc3fa547e3c
tree	81aea8bb9f02057ea44a2669b008729e2cc35f61	tree \| snapshot
parent	e1cfd184dafb3e0759c567d7ca13a92b5491ff89	commit \| diff

Don't allow fragmented alerts

An alert message is 2 bytes long. In theory it is permissible in SSLv3 -
TLSv1.2 to fragment such alerts across multiple records (some of which
could be empty). In practice it make no sense to send an empty alert
record, or to fragment one. TLSv1.3 prohibts this altogether and other
libraries (BoringSSL, NSS) do not support this at all. Supporting it adds
significant complexity to the record layer, and its removal is unlikely
to cause inter-operability issues.

The DTLS code for this never worked anyway and it is not supported at a
protocol level for DTLS. Similarly fragmented DTLS handshake records only
work at a protocol level where at least the handshake message header
exists within the record. DTLS code existed for trying to handle fragmented
handshake records smaller than this size. This code didn't work either so
has also been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3476)

CHANGES		diff \| blob \| history
ssl/record/rec_layer_d1.c		diff \| blob \| history
ssl/record/rec_layer_s3.c		diff \| blob \| history
ssl/record/record.h		diff \| blob \| history
test/recipes/70-test_sslrecords.t		diff \| blob \| history