[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed May 3 16:16:21 UTC 2017
The branch master has been updated
via 96c9aee2a835e5a0833223d6d6458a3d45457913 (commit)
from 47f7cf051bbb5d67778f6250c3c85341afea86d6 (commit)
- Log -----------------------------------------------------------------
commit 96c9aee2a835e5a0833223d6d6458a3d45457913
Author: Todd Short <tshort at akamai.com>
Date: Wed May 3 11:24:21 2017 -0400
Limit padded record to max plaintext
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3374)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 59 +++++++++++++++++++++++++----------------------
1 file changed, 31 insertions(+), 28 deletions(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 43c4a94..bff93eb 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -860,7 +860,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
- size_t padding = 0;
+ size_t rlen;
if (!WPACKET_put_bytes_u8(thispkt, type)) {
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
@@ -869,34 +869,37 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD_add_length(thiswr, 1);
/* Add TLS1.3 padding */
- if (s->record_padding_cb != NULL) {
- size_t rlen = SSL3_RECORD_get_length(thiswr);
-
- padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
- /* do not allow the record to exceed max plaintext length */
- if (padding > (SSL3_RT_MAX_PLAIN_LENGTH - rlen))
- padding = SSL3_RT_MAX_PLAIN_LENGTH - rlen;
- } else if (s->block_padding > 0) {
- size_t mask = s->block_padding - 1;
- size_t remainder;
-
- /* optimize for power of 2 */
- if ((s->block_padding & mask) == 0)
- remainder = SSL3_RECORD_get_length(thiswr) & mask;
- else
- remainder = SSL3_RECORD_get_length(thiswr) % s->block_padding;
- /* don't want to add a block of padding if we don't have to */
- if (remainder == 0)
- padding = 0;
- else
- padding = s->block_padding - remainder;
- }
- if (padding > 0) {
- if (!WPACKET_memset(thispkt, 0, padding)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
+ rlen = SSL3_RECORD_get_length(thiswr);
+ if (rlen < SSL3_RT_MAX_PLAIN_LENGTH) {
+ size_t padding = 0;
+ size_t max_padding = SSL3_RT_MAX_PLAIN_LENGTH - rlen;
+ if (s->record_padding_cb != NULL) {
+ padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
+ } else if (s->block_padding > 0) {
+ size_t mask = s->block_padding - 1;
+ size_t remainder;
+
+ /* optimize for power of 2 */
+ if ((s->block_padding & mask) == 0)
+ remainder = rlen & mask;
+ else
+ remainder = rlen % s->block_padding;
+ /* don't want to add a block of padding if we don't have to */
+ if (remainder == 0)
+ padding = 0;
+ else
+ padding = s->block_padding - remainder;
+ }
+ if (padding > 0) {
+ /* do not allow the record to exceed max plaintext length */
+ if (padding > max_padding)
+ padding = max_padding;
+ if (!WPACKET_memset(thispkt, 0, padding)) {
+ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ SSL3_RECORD_add_length(thiswr, padding);
}
- SSL3_RECORD_add_length(thiswr, padding);
}
}
More information about the openssl-commits
mailing list