docs: add rfc citations (aws#4202)

goatgoose · Sep 20, 2023 · fef3e5a · fef3e5a
1 parent 9d1e6c8
commit fef3e5a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 6 deletions.
diff --git a/compliance/initialize_duvet.sh b/compliance/initialize_duvet.sh
@@ -7,4 +7,6 @@ duvet extract https://tools.ietf.org/rfc/rfc8448 # Example Handshake Traces for
 duvet extract https://tools.ietf.org/rfc/rfc7627 # Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
 duvet extract https://tools.ietf.org/rfc/rfc5746 # Transport Layer Security (TLS) Renegotiation Indication Extension
 duvet extract https://tools.ietf.org/rfc/rfc4492 # Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
+duvet extract https://tools.ietf.org/rfc/rfc8422 # Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
+
 
diff --git a/tls/extensions/s2n_ec_point_format.c b/tls/extensions/s2n_ec_point_format.c
@@ -64,9 +64,17 @@ static int s2n_ec_point_format_send(struct s2n_connection *conn, struct s2n_stuf
 
 static int s2n_ec_point_format_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
-    /**
-     * Only uncompressed points are supported by the server and the client must include it in
+    /* Only uncompressed points are supported by the server and the client must include it in
      * the extension. Just skip the extension.
+     *
+     *= https://tools.ietf.org/rfc/rfc8422#section-5.1.2
+     *= type=exception
+     *= reason=Incorrect implementations exist in the wild. Skipping validation.
+     *# If the client sends the extension and the extension does not contain
+     *# the uncompressed point format, and the client has used the Supported
+     *# Groups extension to indicate support for any of the curves defined in
+     *# this specification, then the server MUST abort the handshake and
+     *# return an illegal_parameter alert.
      */
     conn->ec_point_formats = 1;
     return S2N_SUCCESS;

diff --git a/tls/s2n_record_read.c b/tls/s2n_record_read.c
@@ -106,12 +106,19 @@ int s2n_record_header_parse(
     S2N_ERROR_IF(conn->actual_protocol_version_established && MIN(conn->actual_protocol_version, S2N_TLS12) /* check against legacy record version (1.2) in tls 1.3 */
                             != version,
             S2N_ERR_BAD_MESSAGE);
-    POSIX_GUARD(s2n_stuffer_read_uint16(in, fragment_length));
 
-    /* Some servers send fragments that are above the maximum length.  (e.g.
-     * Openssl 1.0.1, so we don't check if the fragment length is >
-     * S2N_TLS_MAXIMUM_FRAGMENT_LENGTH. The on-the-wire max is 65k
+    /* Some servers send fragments that are above the maximum length (e.g.
+     * Openssl 1.0.1), so we don't check if the fragment length is >
+     * S2N_TLS_MAXIMUM_FRAGMENT_LENGTH. We allow up to 2^16.
+     *
+     *= https://tools.ietf.org/rfc/rfc8446#section-5.1
+     *= type=exception
+     *= reason=Incorrect implementations exist in the wild. Ignoring instead.
+     *# The length MUST NOT exceed 2^14 bytes.  An
+     *# endpoint that receives a record that exceeds this length MUST
+     *# terminate the connection with a "record_overflow" alert.
      */
+    POSIX_GUARD(s2n_stuffer_read_uint16(in, fragment_length));
     POSIX_GUARD(s2n_stuffer_reread(in));
 
     return 0;