Merge branch 'tmp-interop-old-gnutls' into 'master'

Do not forbid excess random padding in TLS1.x CBC ciphersuites

Closes #811

See merge request gnutls/gnutls!1054

2 files changed, 11 insertions, 4 deletions

diff --git a/lib/constate.c b/lib/constate.c
index 51a4eca30a..4c6ca0fd0f 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -707,10 +707,17 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t
 			return gnutls_assert_val(ret);
 	}
 
-	if (ver->tls13_sem) {
+	/* The TLS1.3 limit of 256 additional bytes is also enforced under CBC
+	 * ciphers to ensure we interoperate with gnutls 2.12.x which could add padding
+	 * data exceeding the maximum. */
+	if (ver->tls13_sem || _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) {
 		session->internals.max_recv_size = 256;
 	} else {
-		session->internals.max_recv_size = _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
+		session->internals.max_recv_size = 0;
+	}
+
+	if (!ver->tls13_sem) {
+		session->internals.max_recv_size += _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
 		if (session->internals.allow_large_records != 0)
 			session->internals.max_recv_size += EXTRA_COMP_SIZE;
 	}
diff --git a/lib/record.c b/lib/record.c
index 39d2a16be2..7c7e365611 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1219,8 +1219,8 @@ static int recv_headers(gnutls_session_t session,
 
 	if (record->length == 0 || record->length > max_record_recv_size(session)) {
 		_gnutls_audit_log
-		    (session, "Received packet with illegal length: %u\n",
-		     (unsigned int) record->length);
+		    (session, "Received packet with illegal length: %u (max: %u)\n",
+		     (unsigned int) record->length, (unsigned)max_record_recv_size(session));
 
 		if (record->length == 0) {
 			/* Empty, unencrypted records are always unexpected. */