Merge branch 'ingela/ssl/hs-stream/OTP-14138' into maint

* ingela/ssl/hs-stream/OTP-14138: ssl: Handle really big handshake packages
author: Ingela Anderton Andin <[email protected]> 2017-01-17 10:11:13 +0100
committer: Ingela Anderton Andin <[email protected]> 2017-01-17 10:11:13 +0100
commit: a44947369f44cb334ca45dbecca2e3f878af8229 (patch)
tree: e73bf8261bf9630b7070770b418c5947b2efaeac /lib
parent: 228e34eb3eb75dd0cac1c7137861ee4a7b5b3f69 (diff)
parent: 1364c7308e17d43d1a2244e3f2bf11cfec3789ef (diff)
download: otp-a44947369f44cb334ca45dbecca2e3f878af8229.tar.gz
otp-a44947369f44cb334ca45dbecca2e3f878af8229.tar.bz2
otp-a44947369f44cb334ca45dbecca2e3f878af8229.zip
6 files changed, 83 insertions, 15 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index edc7e0d8b2..916b41742e 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -424,6 +424,14 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid
 	    </taglist>
 
 	  </item>
+
+	  <tag><c>max_handshake_size</c></tag>
+	  <item>
+	    <p>Integer (24 bits unsigned). Used to limit the size of
+	    valid TLS handshake packets to avoid DoS attacks.
+	    Defaults to 256*1024.</p>
+          </item>
+          
 	</taglist>
 
       </item>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c72ee44a95..0b7229b67e 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -765,7 +765,8 @@ handle_options(Opts0, Role) ->
 					     client, Role),
 		    crl_check = handle_option(crl_check, Opts, false),
 		    crl_cache = handle_option(crl_cache, Opts, {ssl_crl_cache, {internal, []}}),
-		    v2_hello_compatible = handle_option(v2_hello_compatible, Opts, false)
+		    v2_hello_compatible = handle_option(v2_hello_compatible, Opts, false),
+                    max_handshake_size = handle_option(max_handshake_size, Opts, ?DEFAULT_MAX_HANDSHAKE_SIZE)
 		   },
 
     CbInfo  = proplists:get_value(cb_info, Opts, default_cb_info(Protocol)),
@@ -780,7 +781,8 @@ handle_options(Opts0, Role) ->
 		  alpn_preferred_protocols, next_protocols_advertised,
 		  client_preferred_next_protocols, log_alert,
 		  server_name_indication, honor_cipher_order, padding_check, crl_check, crl_cache,
-		  fallback, signature_algs, eccs, honor_ecc_order, beast_mitigation, v2_hello_compatible],
+		  fallback, signature_algs, eccs, honor_ecc_order, beast_mitigation, v2_hello_compatible,
+                  max_handshake_size],
 
     SockOpts = lists:foldl(fun(Key, PropList) ->
 				   proplists:delete(Key, PropList)
@@ -1028,6 +1030,8 @@ validate_option(beast_mitigation, Value) when Value == one_n_minus_one orelse
   Value;
 validate_option(v2_hello_compatible, Value) when is_boolean(Value)  ->
     Value;
+validate_option(max_handshake_size, Value) when is_integer(Value)  andalso Value =< ?MAX_UNIT24 ->
+    Value;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index fde92035a2..324b7dbde3 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -80,6 +80,9 @@
 -define(CLIENT_KEY_EXCHANGE, 16).
 -define(FINISHED, 20).
 
+-define(MAX_UNIT24, 8388607).
+-define(DEFAULT_MAX_HANDSHAKE_SIZE,  (256*1024)).
+
 -record(random, {
 	  gmt_unix_time, % uint32
 	  random_bytes   % opaque random_bytes[28]
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 98b89bb811..c34af9f82c 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -142,7 +142,8 @@
 	  signature_algs,
 	  eccs,
 	  honor_ecc_order            :: boolean(),
-	  v2_hello_compatible        :: boolean()
+	  v2_hello_compatible        :: boolean(),
+          max_handshake_size         :: integer()
 	  }).
 
 -record(socket_options,
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 32991d3079..77606911be 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -424,18 +424,26 @@ handle_common_event(internal,  #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 				      ssl_options = Options} = State0) ->
     try
 	{Packets, Buf} = tls_handshake:get_tls_handshake(Version,Data,Buf0, Options),
-	State =
+	State1 =
 	    State0#state{protocol_buffers =
 			     Buffers#protocol_buffers{tls_handshake_buffer = Buf}},
-	Events = tls_handshake_events(Packets),
-	case StateName of
-	    connection ->
-		ssl_connection:hibernate_after(StateName, State, Events);
-	    _ ->
-		{next_state, StateName, State#state{unprocessed_handshake_events = unprocessed_events(Events)}, Events}
-	end
+	case Packets of
+            [] -> 
+                assert_buffer_sanity(Buf, Options),
+                {Record, State} = next_record(State1),
+                next_event(StateName, Record, State);
+            _ ->                
+                Events = tls_handshake_events(Packets),
+                case StateName of
+                    connection ->
+                        ssl_connection:hibernate_after(StateName, State1, Events);
+                    _ ->
+                        {next_state, StateName, 
+                         State1#state{unprocessed_handshake_events = unprocessed_events(Events)}, Events}
+                end
+        end
     catch throw:#alert{} = Alert ->
-	    ssl_connection:handle_own_alert(Alert, Version, StateName, State0)
+            ssl_connection:handle_own_alert(Alert, Version, StateName, State0)
     end;
 %%% TLS record protocol level application data messages 
 handle_common_event(internal, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, State) ->
@@ -615,8 +623,6 @@ next_event(StateName, Record, State, Actions) ->
 	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
     end.
 
-tls_handshake_events([]) ->
-    throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake));
 tls_handshake_events(Packets) ->
     lists:map(fun(Packet) ->
 		      {next_event, internal, {handshake, Packet}}
@@ -735,3 +741,25 @@ unprocessed_events(Events) ->
     %% handshake events left to process before we should
     %% process more TLS-records received on the socket. 
     erlang:length(Events)-1.
+
+
+assert_buffer_sanity(<<?BYTE(_Type), ?UINT24(Length), Rest/binary>>, #ssl_options{max_handshake_size = Max}) when 
+      Length =< Max ->  
+    case size(Rest) of
+        N when N < Length ->
+            true;
+        N when N > Length ->       
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             too_big_handshake_data));
+        _ ->
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             malformed_handshake_data))  
+    end;  
+assert_buffer_sanity(Bin, _) ->
+    case size(Bin) of
+        N when N < 3 ->
+            true;
+        _ ->       
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             malformed_handshake_data))
+    end.  
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 52c1af5b4c..de5895d7ba 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -136,7 +136,8 @@ options_tests() ->
      honor_server_cipher_order,
      honor_client_cipher_order,
      unordered_protocol_versions_server,
-     unordered_protocol_versions_client
+     unordered_protocol_versions_client,
+     max_handshake_size
 ].
 
 options_tests_tls() ->
@@ -3860,6 +3861,29 @@ unordered_protocol_versions_client(Config) when is_list(Config) ->
     ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg).
   
 %%--------------------------------------------------------------------
+max_handshake_size() ->
+    [{doc,"Test that we can set max_handshake_size to max value."}].
+
+max_handshake_size(Config) when is_list(Config) -> 
+    ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+    ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),  
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options,  [{max_handshake_size, 8388607} |ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, [{max_handshake_size, 8388607} | ClientOpts]}]),
+ 
+    ssl_test_lib:check_result(Server, ok, Client, ok).
+  
+%%--------------------------------------------------------------------
 
 server_name_indication_option() ->
     [{doc,"Test API server_name_indication option to connect."}].
author	Ingela Anderton Andin <[email protected]>	2017-01-17 10:11:13 +0100
committer	Ingela Anderton Andin <[email protected]>	2017-01-17 10:11:13 +0100
commit	a44947369f44cb334ca45dbecca2e3f878af8229 (patch)
tree	e73bf8261bf9630b7070770b418c5947b2efaeac /lib
parent	228e34eb3eb75dd0cac1c7137861ee4a7b5b3f69 (diff)
parent	1364c7308e17d43d1a2244e3f2bf11cfec3789ef (diff)
download	otp-a44947369f44cb334ca45dbecca2e3f878af8229.tar.gz otp-a44947369f44cb334ca45dbecca2e3f878af8229.tar.bz2 otp-a44947369f44cb334ca45dbecca2e3f878af8229.zip