diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-06 15:13:25 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-06 20:07:40 +0000 |
commit | 432196951390796cf2353de2d92f952f1deaa9d0 (patch) | |
tree | a2f7e71198546e1298e11b21b17c752b3bf58361 /include | |
parent | febb0afaef47ed74b2bdbde0b4278263390f4185 (diff) |
Tweak the TLSv1.3 record overflow limits
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl3.h | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index e6df97b741..604a704a2e 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -170,7 +170,8 @@ extern "C" { * practice the value is lower than this. The overhead is the maximum number * of padding bytes (256) plus the mac size. */ -# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 /* * OpenSSL currently only uses a padding length of at most one block so the @@ -186,12 +187,14 @@ extern "C" { # define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH # else # define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) # endif # define SSL3_RT_MAX_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) # define SSL3_RT_MAX_PACKET_SIZE \ - (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" |