excessive m essage size

[Antony Uspensky]

OpenSSL self-test report:
 
OpenSSL version:  0.9.6
Last change:      In ssl23_get_client_hello, generate an error message
wh...
OS (uname):       Linux dev.infoart.spb.su 2.2.14-5.0 #1 Tue Mar 7
20:53:41 EST 2000 i586 unknown
OS (config):      i586-whatever-linux2
Target (default): ??
Target:           debug-linux-elf
Compiler:         gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2
release)
 
Test passed.

===================

Application:

symmetrical secure channel, SSL object is made as a state machine
(non-blocking transport).
method: TLSv1.
cipher: RC4-MD5.
certs: X509v3.
verify depth: 1.
RSA keys for both peers and a CA: 4096 bits.

===================

Problem description:

Trying to use 4096 bit RSA keys I get a error in SSL_accept ():

error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size

The error is signaled only if RSA key length is more then ~3500 bits
(3072 bit keys are still OK).

===================

Stack at the point where the error is triggered:

#0  ssl3_get_message (s=0x80e39f8,
                      st1=8592 (SSL3_ST_SR_KEY_EXCH_A),
                      stn=8593 (SSL3_ST_SR_KEY_EXCH_B),
                      mt=16 (SSL3_MT_CLIENT_KEY_EXCHANGE),
                      max=400,
                      ok=0xbfff757c) at s3_both.c:415
#1  0x8058f5b in ssl3_get_client_key_exchange (s=0x80e39f8) at
s3_srvr.c:1261
#2  0x8057439 in ssl3_accept (s=0x80e39f8) at s3_srvr.c:372
#3  0x804ef48 in SSL_accept (s=0x80e39f8) at ssl_lib.c:691

The error is triggered by operator

if ( l > (unsigned long) max ) {} at s3_both.c:415

where l is 
508 in the case of 4048 bit RSA keys,
514 in the case of 4096 bit RSA keys,
642 in the case of 5120 bit RSA keys etc.
(but 386 in the case of 3072 bit RSA keys)

===================

Suggestion:

Hardcoded value for 'max' parameter of ssl3_get_message () at
s3_srvr.c:1265 should be considered as a bug because long keys become
more popular and used more often. It would be better to replace
hardcoded value by regression if possible (sorry, I do not familiar
with the SSL handshake protocol) or at least give the message more
room (say, 16384 bytes for next 10 years).

A.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]