author | Jacob Keeler <jacob.keeler@livioradio.com> | 2021-03-05 16:29:53 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-05 16:29:53 -0500 |
commit | 29589f7925619f0eae8dbc6d84a64d4e195ab176 (patch) | |
tree | 9a44c40303400fe536a2815a42cd7662d2e4dfdf | |
parent | b573186f48ab77f754bff4f7040a069630c933a5 (diff) | |
download | sdl_core-29589f7925619f0eae8dbc6d84a64d4e195ab176.tar.gz |
Fix SSL max block size logic (#3652)
* Fix setting encrypted block size when cipher is unknown
* Add missing cipher to list
-rw-r--r-- | src/components/security_manager/src/ssl_context_impl.cc | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/components/security_manager/src/ssl_context_impl.cc b/src/components/security_manager/src/ssl_context_impl.cc
index 3e1b7db0bb..1c8b009097 100644
--- a/src/components/security_manager/src/ssl_context_impl.cc
+++ b/src/components/security_manager/src/ssl_context_impl.cc
@@ -131,6 +131,8 @@ CryptoManagerImpl::SSLContextImpl::create_max_block_sizes() {
 rc.insert(std::make_pair("AES128-SHA", seed_sha_max_block_size));
 rc.insert(
 std::make_pair("AES256-GCM-SHA384", aes128_gcm_sha256_max_block_size));
+ rc.insert(std::make_pair("ECDHE-RSA-AES256-GCM-SHA384",
+ aes128_gcm_sha256_max_block_size));
 rc.insert(std::make_pair("AES256-SHA256", aes128_sha256_max_block_size));
 rc.insert(std::make_pair("AES256-SHA", seed_sha_max_block_size));
 rc.insert(std::make_pair("CAMELLIA128-SHA", seed_sha_max_block_size));
@@ -522,16 +524,15 @@ bool CryptoManagerImpl::SSLContextImpl::Decrypt(const uint8_t* const in_data,
 size_t CryptoManagerImpl::SSLContextImpl::get_max_block_size(size_t mtu) const {
 SDL_LOG_AUTO_TRACE();
+ const auto max_allowed_block_size =
+ mtu > SSL3_RT_MAX_PLAIN_LENGTH ? SSL3_RT_MAX_PLAIN_LENGTH : mtu;
 if (!max_block_size_) {
 // FIXME(EZamakhov): add correct logics for TLS1/1.2/SSL3
 // For SSL3.0 set temporary value 90, old TLS1.2 value is 29
- assert(mtu > 90);
- return mtu - 90;
+ assert(max_allowed_block_size > 90);
+ return max_allowed_block_size - 90;
 }
- const auto max_allowed_block_size =
- mtu > SSL3_RT_MAX_PLAIN_LENGTH ? SSL3_RT_MAX_PLAIN_LENGTH : mtu;
-
 return max_block_size_(max_allowed_block_size);
 } |
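Review bot: The new `"ECDHE-RSA-AES256-GCM-SHA384"` entry maps an AES-256/SHA-384 suite to `aes128_gcm_sha256_max_block_size` with no comment explaining why the AES-128 helper is the right one. The existing `"AES256-GCM-SHA384"` entry does the same, so this is presumably intentional, since GCM record overhead should not depend on key size or key exchange, but that is inferred rather than shown here. I would add above the two entries `// GCM overhead is independent of key length and key exchange; the AES128-GCM helper is reused on purpose`. Because the table is keyed on the exact cipher name, any other ECDHE/DHE variant not listed falls through to the hard-coded 90-byte fallback in get_max_block_size, which is worth noting next to the table. create_max_block_sizes starts and ends outside this hunk, so the rest of the list is not visible.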
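Review bot: In the `!max_block_size_` branch of get_max_block_size, the only guard on the subtraction is `assert(max_allowed_block_size > 90);`, which is compiled out under NDEBUG. In a release build an mtu of 90 or less makes `max_allowed_block_size - 90` wrap around as an unsigned size_t, and the caller receives an enormous block size for an unknown cipher. A runtime check should sit beside the assert, for example `if (max_allowed_block_size <= 90) { return 0; }`. Callers would then need to treat 0 as "cannot encrypt with this MTU", which cannot be confirmed from this hunk. The literal 90 appears twice and could be a named constant, e.g. `const size_t kUnknownCipherOverhead = 90;`.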