eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Account for additional record expansion when using CIDs

Browse source 
Using the Connection ID extension increases the maximum record expansion
because
- the real record content type is added to the plaintext
- the plaintext may be padded with an arbitrary number of
  zero bytes, in order to prevent leakage of information
  through package length analysis. Currently, we always
  pad the plaintext in a minimal way so that its length
  is a multiple of 16 Bytes.

This commit adapts the various parts of the library to account
for that additional source of record expansion.
This commit is contained in:
Hanno Becker 2019-05-08 15:40:11 +01:00
parent ad4a137965
commit 6cbad5560d
2 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
library/ssl_tls.c
View file

@ -9261,6 +9261,11 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_CID)
if( transform->out_cid_len != 0 )
transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
#endif /* MBEDTLS_SSL_CID */
return( (int)( out_hdr_len + transform_expansion ) );
}