[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Jul 6 00:54:55 UTC 2021


The branch master has been updated
       via  e54f0c9b2fe3dd2dcb5e8100e2c69e5b2f6eb681 (commit)
      from  2f61bc17d42bce0d5958cabc971f4f1343353fb3 (commit)


- Log -----------------------------------------------------------------
commit e54f0c9b2fe3dd2dcb5e8100e2c69e5b2f6eb681
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Jun 23 08:54:12 2021 +0100

    Avoid "excessive message size" for session tickets
    
    We received a report of an "excessive message size" for a received
    session ticket. Our maximum size was significantly less than the theoretical
    maximum. The server may put any data it likes in the session ticket
    including (for example) the full certificate chain so we should be able to
    handle longer tickets. Update the value to the maximum allowed by the spec.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15877)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c  | 3 ++-
 ssl/statem/statem_local.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 472a4a366b..d5aa8797ff 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -996,7 +996,8 @@ size_t ossl_statem_client_max_message_size(SSL *s)
         return CCS_MAX_LENGTH;
 
     case TLS_ST_CR_SESSION_TICKET:
-        return SSL3_RT_MAX_PLAIN_LENGTH;
+        return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
+                                 : SESSION_TICKET_MAX_LENGTH_TLS12;
 
     case TLS_ST_CR_FINISHED:
         return FINISHED_MAX_LENGTH;
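Review bot: the new return in the TLS_ST_CR_SESSION_TICKET case raises the amount of data a client will accept and buffer for a single ticket message, yet nothing in this change exercises the new bound; the summary lists only statem_clnt.c and statem_local.h. Please add a test that delivers a ticket larger than the old SSL3_RT_MAX_PLAIN_LENGTH limit, plus one just over the new limit for each protocol version, so that both the accept path and the "excessive message size" reject path are covered. A short comment on this case saying why the ticket limit is not the record plaintext limit would also help the next reader. Minor style point: the parentheses around SSL_IS_TLS13(s) are redundant.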
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h
index 25bfdffc6c..1883b0166f 100644
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -21,6 +21,8 @@
 #define END_OF_EARLY_DATA_MAX_LENGTH    0
 #define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
+#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
+#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
 #define SERVER_KEY_EXCH_MAX_LENGTH      102400
 #define SERVER_HELLO_DONE_MAX_LENGTH    0
 #define KEY_UPDATE_MAX_LENGTH           1
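Review bot: SESSION_TICKET_MAX_LENGTH_TLS13 and SESSION_TICKET_MAX_LENGTH_TLS12 are bare literals (131338 and 65541) with no comment showing how they were derived, so a reader cannot confirm that they are "the maximum allowed by the spec" as the commit message says. Please add a comment above the two defines that names the specification and lists the message fields and length prefixes that sum to each value, or write each constant as that sum so the arithmetic is checkable in place.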

