root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

TLSv1.3 alerts cannot be fragmented and only one per record 

We should be validating that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
This commit is contained in:
Matt Caswell 2017-05-11 10:16:34 +01:00
parent 3c544acc38
commit 0b367d7955
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/openssl/ssl.h
View File

@ -2650,6 +2650,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_INAPPROPRIATE_FALLBACK 373
# define SSL_R_INCONSISTENT_COMPRESSION 340
# define SSL_R_INCONSISTENT_EXTMS 104
# define SSL_R_INVALID_ALERT 205
# define SSL_R_INVALID_COMMAND 280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
# define SSL_R_INVALID_CONFIGURATION_NAME 113

14
ssl/record/rec_layer_s3.c
View File

@ -1422,6 +1422,20 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (SSL3_RECORD_get_length(rr) == 0)
SSL3_RECORD_set_read(rr);
if (SSL_IS_TLS13(s)
&& SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
if (*dest_len < dest_maxlen
|| SSL3_RECORD_get_length(rr) != 0) {
/*
* TLSv1.3 forbids fragmented alerts, and only one alert
* may be present in a record
*/
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INVALID_ALERT);
goto f_err;
}
}
if (*dest_len < dest_maxlen)
goto start; /* fragment was too small */
}

1
ssl/ssl_err.c
View File

@ -609,6 +609,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
{ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
{ERR_REASON(SSL_R_INVALID_ALERT), "invalid alert"},
{ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
"invalid compression algorithm"},