Commit 8a18bc25 authored by Alessandro Ghedini's avatar Alessandro Ghedini Committed by Rich Salz
Browse files

Increment size limit for ClientHello messages 



The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the
maximum size of just the extensions field to be 2^16-1), and may cause
bogus failures.

RT#4063

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/413)
parent c32b9dca

ssl/statem/statem_srvr.c

+18 −1
Original line number Diff line number Diff line
@@ -747,6 +747,23 @@ int ossl_statem_server_construct_message(SSL *s) 
    return 0;

}



/*

 * Maximum size (excluding the Handshake header) of a ClientHello message,

 * calculated as follows:

 *

 *  2 + # client_version

 *  32 + # only valid length for random

 *  1 + # length of session_id

 *  32 + # maximum size for session_id

 *  2 + # length of cipher suites

 *  2^16-2 + # maximum length of cipher suites array

 *  1 + # length of compression_methods

 *  2^8-1 + # maximum length of compression methods

 *  2 + # length of extensions

 *  2^16-1 # maximum length of extensions

 */

#define CLIENT_HELLO_MAX_LENGTH         131396



#define CLIENT_KEY_EXCH_MAX_LENGTH      2048

#define NEXT_PROTO_MAX_LENGTH           514
@@ -760,7 +777,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s) 


    switch(st->hand_state) {

    case TLS_ST_SR_CLNT_HELLO:

        return SSL3_RT_MAX_PLAIN_LENGTH;

        return CLIENT_HELLO_MAX_LENGTH;



    case TLS_ST_SR_CERT:

        return s->max_cert_list;