diff options
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | lib/constate.c | 11 | ||||
-rw-r--r-- | lib/record.c | 4 |
3 files changed, 15 insertions, 4 deletions
@@ -15,10 +15,14 @@ See the end for copying conditions. ** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2 functions that will perform in-place encryption/decryption on data buffers (#718). +** libgnutls: added interoperability tests with gnutls 2.12.x; addressed + issue with large record handling due to random padding (#811). + ** API and ABI modifications: gnutls_aead_cipher_encryptv2: Added gnutls_aead_cipher_decryptv2: Added + * Version 3.6.9 (released 2019-07-25) ** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy diff --git a/lib/constate.c b/lib/constate.c index 51a4eca30a..4c6ca0fd0f 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -707,10 +707,17 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t return gnutls_assert_val(ret); } - if (ver->tls13_sem) { + /* The TLS1.3 limit of 256 additional bytes is also enforced under CBC + * ciphers to ensure we interoperate with gnutls 2.12.x which could add padding + * data exceeding the maximum. */ + if (ver->tls13_sem || _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) { session->internals.max_recv_size = 256; } else { - session->internals.max_recv_size = _gnutls_record_overhead(ver, params->cipher, params->mac, 1); + session->internals.max_recv_size = 0; + } + + if (!ver->tls13_sem) { + session->internals.max_recv_size += _gnutls_record_overhead(ver, params->cipher, params->mac, 1); if (session->internals.allow_large_records != 0) session->internals.max_recv_size += EXTRA_COMP_SIZE; } diff --git a/lib/record.c b/lib/record.c index 39d2a16be2..7c7e365611 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1219,8 +1219,8 @@ static int recv_headers(gnutls_session_t session, if (record->length == 0 || record->length > max_record_recv_size(session)) { _gnutls_audit_log - (session, "Received packet with illegal length: %u\n", - (unsigned int) record->length); + (session, "Received packet with illegal length: %u (max: %u)\n", + (unsigned int) record->length, (unsigned)max_record_recv_size(session)); if (record->length == 0) { /* Empty, unencrypted records are always unexpected. */ |