From 82f992cbe0db628879aae4bf3ddd95cfcb1098a5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 13 Feb 2017 11:55:38 +0000 Subject: [PATCH] Limit the number of KeyUpdate messages we can process Too many KeyUpdate message could be inicative of a problem (e.g. an infinite KeyUpdate loop if the peer always responds to a KeyUpdate message with an "update_requested" KeyUpdate response), or (conceivably) an attack. Either way we limit the number of KeyUpdate messages we are prepared to handle. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2609) --- include/openssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 4 ++++ ssl/statem/statem_lib.c | 8 ++++++++ 4 files changed, 14 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 72f835460a..da5d1d09d2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2622,6 +2622,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 # define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index ec2b41dabf..341712cdb7 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -764,6 +764,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "tls illegal exporter label"}, {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, + {ERR_REASON(SSL_R_TOO_MANY_KEY_UPDATES), "too many key updates"}, {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 12eba2130e..31afe10f10 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -996,6 +996,10 @@ struct ssl_st { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ + + /* Count of how many KeyUpdate messages we have received */ + unsigned int key_update_count; + /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 809fe6fd50..5e194e886a 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -510,12 +510,20 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt) return 0; } +#define MAX_KEY_UPDATE_MESSAGES 32 MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) { int al; unsigned int updatetype; + s->key_update_count++; + if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_TLS_PROCESS_KEY_UPDATE, SSL_R_TOO_MANY_KEY_UPDATES); + goto err; + } + if (!PACKET_get_1(pkt, &updatetype) || PACKET_remaining(pkt) != 0 || (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED -- 2.25.1