[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Sat May 14 11:52:17 UTC 2016


The branch master has been updated
       via  8a18bc25883bd6e6ac1268e42190250c564ba024 (commit)
      from  c32b9dcac2d70f3868b4b22fd7be0e5ccd854c52 (commit)


- Log -----------------------------------------------------------------
commit 8a18bc25883bd6e6ac1268e42190250c564ba024
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date:   Fri Sep 25 17:53:58 2015 +0200

    Increment size limit for ClientHello messages
    
    The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the
    maximum size of just the extensions field to be 2^16-1), and may cause
    bogus failures.
    
    RT#4063
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/413)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4507357..90b9d2d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -747,6 +747,23 @@ int ossl_statem_server_construct_message(SSL *s)
     return 0;
 }
 
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ *  2 + # client_version
+ *  32 + # only valid length for random
+ *  1 + # length of session_id
+ *  32 + # maximum size for session_id
+ *  2 + # length of cipher suites
+ *  2^16-2 + # maximum length of cipher suites array
+ *  1 + # length of compression_methods
+ *  2^8-1 + # maximum length of compression methods
+ *  2 + # length of extensions
+ *  2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH         131396
+
 #define CLIENT_KEY_EXCH_MAX_LENGTH      2048
 #define NEXT_PROTO_MAX_LENGTH           514
 
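Review bot: The running total in the comment is correct (2 + 32 + 1 + 32 + 2 + 65534 + 1 + 255 + 2 + 65535 = 131396), but the `#define` freezes it as a bare literal, so the comment and the value can drift silently if a term is ever adjusted. Consider writing the macro as the sum itself, e.g. `#define CLIENT_HELLO_MAX_LENGTH (2 + 32 + 1 + 32 + 2 + (65536 - 2) + 1 + (256 - 1) + 2 + (65536 - 1))`, so the breakdown in the comment is checked by the compiler. Separately, the breakdown only covers the RFC 5246 ClientHello layout; the DTLS ClientHello (RFC 6347) also carries a `cookie<0..2^8-1>` field between session_id and cipher_suites, which adds 1 + 255 bytes. If the same limit is applied to DTLS connections, either add that term (with a comment marking it as DTLS only) or state in the comment that the constant is TLS-only.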
@@ -760,7 +777,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s)
 
     switch(st->hand_state) {
     case TLS_ST_SR_CLNT_HELLO:
-        return SSL3_RT_MAX_PLAIN_LENGTH;
+        return CLIENT_HELLO_MAX_LENGTH;
 
     case TLS_ST_SR_CERT:
         return s->max_cert_list;