[gnutls-devel] 3.2.2 breaks TLS sockets

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jul 28 09:12:15 CEST 2013


On 07/26/2013 06:24 PM, Tim Kosse wrote:
> Hi,
> 
> I've also encountered this issue, I'm seeing it triggered in
> gnutls_cipher.c:748
[...]
> As per TLS1.2 RFC:
>> The encrypted data length (TLSCiphertext.length) is one more than the
>>    sum of SecurityParameters.block_length, TLSCompressed.length,
>>    SecurityParameters.mac_length, and padding_length.
> 
> In gnutls_cipher.c:747, we're comparing the ciphertext size against the
> size of the output buffer. At this point, the ciphertext size still
> contains mac, padding, some tags (iv size has been subtracted before).
> 
> Building on your patch, I think the correct approach is to use the
> following:
> 
> t.size = _gnutls_get_max_decrypted_data(session) + MAX_PAD_SIZE +
> MAX_HASH_SIZE;
> I'm not quite sure if there's still some +1 or something else hiding
> there though.

Hello Tim,
 You are correct. I've committed a slightly different fix.

> Sidenode: I'm not sure the check for allow_large_records in
> _gnutls_get_max_decrypted_data is working as intended in this case.
> Intuitively I would simply make the output buffer as large as the
> ciphertext if I were to allow over-sized records.

Indeed, that is part of the new fix.

regards,
Nikos




More information about the Gnutls-devel mailing list