mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: allow 256KiB certificate messages

Browse Source 
During handshake, lift the message length limit, but only for
certificate messages.

Fixes #50773

Change-Id: Ida9d83f4219c4386ca71ed3ef72b22259665a187
Reviewed-on: https://go-review.googlesource.com/c/go/+/585402
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
This commit is contained in:
yuhan6665 2024-08-18 23:25:25 -04:00
parent b6a62e9ae9
commit 0eb1df22cf
2 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
common.go
View File

@ -58,12 +58,13 @@ func VersionName(version uint16) string {
} }
const ( const (
maxPlaintext = 16384 // maximum plaintext payload length maxPlaintext = 16384 // maximum plaintext payload length
maxCiphertext = 16384 + 2048 // maximum ciphertext payload length maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3 maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3
recordHeaderLen = 5 // record header length recordHeaderLen = 5 // record header length
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
maxUselessRecords = 32 // maximum number of consecutive non-advancing records maxHandshakeCertificateMsg = 262144 // maximum certificate message size (256 KiB)
maxUselessRecords = 16 // maximum number of consecutive non-advancing records
) )
// TLS record types. // TLS record types.

16
conn.go
View File

@ -1152,10 +1152,22 @@ func (c *Conn) readHandshake(transcript transcriptHash) (any, error) {
} }
data := c.hand.Bytes() data := c.hand.Bytes()
maxHandshakeSize := maxHandshake
// hasVers indicates we're past the first message, forcing someone trying to
// make us just allocate a large buffer to at least do the initial part of
// the handshake first.
if c.haveVers && data[0] == typeCertificate {
// Since certificate messages are likely to be the only messages that
// can be larger than maxHandshake, we use a special limit for just
// those messages.
maxHandshakeSize = maxHandshakeCertificateMsg
}
n := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) n := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
if n > maxHandshake { if n > maxHandshakeSize {
c.sendAlertLocked(alertInternalError) c.sendAlertLocked(alertInternalError)
return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake)) return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshakeSize))
} }
if err := c.readHandshakeBytes(4 + n); err != nil { if err := c.readHandshakeBytes(4 + n); err != nil {
return nil, err return nil, err