Account for additional record expansion when using CIDs

Using the Connection ID extension increases the maximum record expansion because - the real record content type is added to the plaintext - the plaintext may be padded with an arbitrary number of zero bytes, in order to prevent leakage of information through package length analysis. Currently, we always pad the plaintext in a minimal way so that its length is a multiple of 16 Bytes. This commit adapts the various parts of the library to account for that additional source of record expansion.
2019-05-08 15:40:11 +01:00 · 2019-05-08 15:40:11 +01:00 · 6cbad5560d
commit 6cbad5560d
parent ad4a137965
2 changed files with 27 additions and 1 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -175,10 +175,19 @@
 #define MBEDTLS_SSL_PADDING_ADD              0
 #endif

+#if defined(MBEDTLS_SSL_CID)
+#define MBEDTLS_SSL_MAX_CID_EXPANSION       16 /* Currently, we pad records
+                                                * to lengths which are multiples
+                                                * of 16 Bytes. */
+#else
+#define MBEDTLS_SSL_MAX_CID_EXPANSION        0
+#endif
+
 #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD +    \
                                       MBEDTLS_MAX_IV_LENGTH +          \
                                       MBEDTLS_SSL_MAC_ADD +            \
-                                       MBEDTLS_SSL_PADDING_ADD          \
+                                       MBEDTLS_SSL_PADDING_ADD +        \
+                                       MBEDTLS_SSL_MAX_CID_EXPANSION    \
                                       )

 #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
@ -231,11 +240,23 @@
   implicit sequence number. */
 #define MBEDTLS_SSL_HEADER_LEN 13

+#if defined(MBEDTLS_SSL_CID)
 #define MBEDTLS_SSL_IN_BUFFER_LEN  \
    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_IN_BUFFER_LEN  \
+    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+      + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+#endif

+#if defined(MBEDTLS_SSL_CID)
 #define MBEDTLS_SSL_OUT_BUFFER_LEN  \
    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_OUT_BUFFER_LEN                               \
+    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN )    \
+      + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+#endif

 #ifdef MBEDTLS_ZLIB_SUPPORT
 /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */