diff options
| author | Matt Caswell <matt@openssl.org> | 2022-10-26 17:55:46 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2022-11-07 11:59:20 +0100 |
| commit | b05fbac1fc4f9c54a4e7a71728396e8f1b18707e (patch) | |
| tree | 20e704e95f69df94c96aa41c305f8692d03dfe4d /ssl/t1_enc.c | |
| parent | Fix the ceiling on how much encryption growth we can have (diff) | |
| download | openssl-b05fbac1fc4f9c54a4e7a71728396e8f1b18707e.tar.xz openssl-b05fbac1fc4f9c54a4e7a71728396e8f1b18707e.zip | |
Fix dtls_get_max_record_overhead()
We fix dtls_get_max_record_overhead() to give a better value for the max
record overhead. We can't realistically handle the compression case so we
just ignore that.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)
Diffstat (limited to 'ssl/t1_enc.c')
| -rw-r--r-- | ssl/t1_enc.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index d3a5df29c2..0265210524 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -209,12 +209,25 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which) goto err; } - if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) { + switch (EVP_CIPHER_get_mode(c)) { + case EVP_CIPH_GCM_MODE: + taglen = EVP_GCM_TLS_TAG_LEN; + break; + case EVP_CIPH_CCM_MODE: if ((s->s3.tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) != 0) taglen = EVP_CCM8_TLS_TAG_LEN; else taglen = EVP_CCM_TLS_TAG_LEN; + break; + default: + if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) { + taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; + } else { + /* MAC secret size corresponds to the MAC output size */ + taglen = s->s3.tmp.new_mac_secret_size; + } + break; } if (which & SSL3_CC_READ) { |