Limit the number of KeyUpdate messages we can process

author Matt Caswell <matt@openssl.org>

Mon, 13 Feb 2017 11:55:38 +0000 (11:55 +0000)

committer Matt Caswell <matt@openssl.org>

Fri, 17 Feb 2017 10:28:00 +0000 (10:28 +0000)
author Matt Caswell <matt@openssl.org>
Mon, 13 Feb 2017 11:55:38 +0000 (11:55 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 17 Feb 2017 10:28:00 +0000 (10:28 +0000)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

index 72f835460ad99e05ac6535417e6124c41695a7b5..da5d1d09d2d3d1b7a61704ba794429832b2bcaef 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2622,6 +2622,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_R_TLS_HEARTBEAT_PENDING                      366
  # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
  # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_KEY_UPDATES                       132
  # define SSL_R_TOO_MANY_WARN_ALERTS                       409
  # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
  # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index ec2b41dabf4129d7f51fca09813d2f6610a81a7f..341712cdb71469bf7267f71b1cb0813f0ae9946c 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -764,6 +764,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
       "tls illegal exporter label"},
      {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
       "tls invalid ecpointformat list"},
+    {ERR_REASON(SSL_R_TOO_MANY_KEY_UPDATES), "too many key updates"},
      {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
      {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
       "unable to find ecdh parameters"},
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 12eba2130eb0cdbf19e45ff136ffd2946fb4f548..31afe10f102796c181c070e433ba79da6f6060f6 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -996,6 +996,10 @@ struct ssl_st {
      EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
      unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
      EVP_MD_CTX *write_hash;     /* used for mac generation */
+
+    /* Count of how many KeyUpdate messages we have received */
+    unsigned int key_update_count;
+
      /* session info */
      /* client cert? */
      /* This is used to hold the server certificate used */
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index 809fe6fd506d26c5ad657f7ee5bcd5e38bf1f846..5e194e886afe73d2be23447a4a68b6ee955e3668 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -510,12 +510,20 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt)
      return 0;
  }
  
+#define MAX_KEY_UPDATE_MESSAGES     32
  
  MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
  {
      int al;
      unsigned int updatetype;
  
+    s->key_update_count++;
+    if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_KEY_UPDATE, SSL_R_TOO_MANY_KEY_UPDATES);
+        goto err;
+    }
+
      if (!PACKET_get_1(pkt, &updatetype)
              || PACKET_remaining(pkt) != 0
              || (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
author	Matt Caswell <matt@openssl.org>
	Mon, 13 Feb 2017 11:55:38 +0000 (11:55 +0000)
committer	Matt Caswell <matt@openssl.org>
	Fri, 17 Feb 2017 10:28:00 +0000 (10:28 +0000)
include/openssl/ssl.h		patch \| blob \| history
ssl/ssl_err.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/statem/statem_lib.c		patch \| blob \| history