Update SERVER_HELLO_MAX_LENGTH

Update constant to maximum permitted by RFC 8446 Fixes #13868 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13874)
author: Michael Baentsch <info@baentsch.ch> 2021-01-15 11:40:31 +0100
committer: Matt Caswell <matt@openssl.org> 2021-01-18 10:06:34 +0100
commit: 3aff5b4bac7186fda9208a76127eff040cafae13 (patch)
tree: fe410c87959abb4a6cbbf3a59b336b0b35e6eb62 /ssl
parent: replace all BIO_R_NULL_PARAMETER by ERR_R_PASSED_NULL_PARAMETER (diff)
download: openssl-3aff5b4bac7186fda9208a76127eff040cafae13.tar.xz
openssl-3aff5b4bac7186fda9208a76127eff040cafae13.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h
index 9e03b7d363..40c3724bed 100644
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -19,13 +19,16 @@
 /* The spec allows for a longer length than this, but we limit it */
 #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
 #define END_OF_EARLY_DATA_MAX_LENGTH    0
-#define SERVER_HELLO_MAX_LENGTH         20000
 #define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
 #define SERVER_KEY_EXCH_MAX_LENGTH      102400
 #define SERVER_HELLO_DONE_MAX_LENGTH    0
 #define KEY_UPDATE_MAX_LENGTH           1
 #define CCS_MAX_LENGTH                  1
+
+/* Max ServerHello size permitted by RFC 8446 */
+#define SERVER_HELLO_MAX_LENGTH         65607
+
 /* Max should actually be 36 but we are generous */
 #define FINISHED_MAX_LENGTH             64
author	Michael Baentsch <info@baentsch.ch>	2021-01-15 11:40:31 +0100
committer	Matt Caswell <matt@openssl.org>	2021-01-18 10:06:34 +0100
commit	3aff5b4bac7186fda9208a76127eff040cafae13 (patch)
tree	fe410c87959abb4a6cbbf3a59b336b0b35e6eb62 /ssl
parent	replace all BIO_R_NULL_PARAMETER by ERR_R_PASSED_NULL_PARAMETER (diff)
download	openssl-3aff5b4bac7186fda9208a76127eff040cafae13.tar.xz openssl-3aff5b4bac7186fda9208a76127eff040cafae13.zip