range: make length hiding always usable under TLS 1.3

This patch reintroduce the extended record padding mode removed in
commit 7df219f0.  Under TLS 1.3, the padding mode can be implemented
in the record protocol.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

1 files changed, 20 insertions, 4 deletions

diff --git a/lib/range.c b/lib/range.c
index c2e5da3960..e88f2a6a0b 100644
--- a/lib/range.c
+++ b/lib/range.c
@@ -50,6 +50,10 @@ _gnutls_range_max_lh_pad(gnutls_session_t session, ssize_t data_length,
 	ssize_t this_pad;
 	ssize_t block_size;
 	ssize_t tag_size, overflow;
+	const version_entry_st *vers = get_version(session);
+
+	if (unlikely(vers == NULL))
+		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
 	ret =
 	    _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
@@ -58,11 +62,16 @@ _gnutls_range_max_lh_pad(gnutls_session_t session, ssize_t data_length,
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 	}
 
-	if (record_params->write.is_aead) /* not yet ready */
+	if (!vers->tls13_sem && record_params->write.is_aead) /* not yet ready */
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-	max_pad = MAX_PAD_SIZE;
-	fixed_pad = 1;
+	if (vers->tls13_sem) {
+		max_pad = max_user_send_size(session, record_params);
+		fixed_pad = 2;
+	} else {
+		max_pad = MAX_PAD_SIZE;
+		fixed_pad = 1;
+	}
 
 	this_pad = MIN(max_pad, max_frag - data_length);
 
@@ -108,9 +117,16 @@ int gnutls_record_can_use_length_hiding(gnutls_session_t session)
 {
 	int ret;
 	record_parameters_st *record_params;
+	const version_entry_st *vers = get_version(session);
+
+	if (unlikely(vers == NULL))
+		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+	if (vers->tls13_sem)
+		return 1;
 
 #ifdef ENABLE_SSL3
-	if (get_num_version(session) == GNUTLS_SSL3)
+	if (vers->id == GNUTLS_SSL3)
 		return 0;
 #endif