TLSv1.3 alerts cannot be fragmented and only one per record (0b367d79) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

include/openssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2650,6 +2650,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_INAPPROPRIATE_FALLBACK 373
		# define SSL_R_INCONSISTENT_COMPRESSION 340
		# define SSL_R_INCONSISTENT_EXTMS 104
		# define SSL_R_INVALID_ALERT 205
		# define SSL_R_INVALID_COMMAND 280
		# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
		# define SSL_R_INVALID_CONFIGURATION_NAME 113

+14 −0

Original line number	Diff line number	Diff line
		@@ -1422,6 +1422,20 @@ int ssl3_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,
		if (SSL3_RECORD_get_length(rr) == 0)
		SSL3_RECORD_set_read(rr);

		if (SSL_IS_TLS13(s)
		&& SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
		if (*dest_len < dest_maxlen
		\|\| SSL3_RECORD_get_length(rr) != 0) {
		/*
		* TLSv1.3 forbids fragmented alerts, and only one alert
		* may be present in a record
		*/
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INVALID_ALERT);
		goto f_err;
		}
		}

		if (*dest_len < dest_maxlen)
		goto start; /* fragment was too small */
		}

+1 −0

Original line number	Diff line number	Diff line
		@@ -609,6 +609,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
		{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
		{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
		{ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
		{ERR_REASON(SSL_R_INVALID_ALERT), "invalid alert"},
		{ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
		{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
		"invalid compression algorithm"},