Fix the derivation of SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD.
It happens to give the same value anyway (64 + 16), but only on accident. Change-Id: I1415f4015e3de472dbeb9ada0d92607c9d1bcd40 Reviewed-on: https://boringssl-review.googlesource.com/3780 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
a4e6d48749
commit
f46cea8cd8
@ -117,9 +117,11 @@
|
|||||||
#ifndef HEADER_SSL3_H
|
#ifndef HEADER_SSL3_H
|
||||||
#define HEADER_SSL3_H
|
#define HEADER_SSL3_H
|
||||||
|
|
||||||
|
#include <openssl/aead.h>
|
||||||
#include <openssl/buf.h>
|
#include <openssl/buf.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
#include <openssl/type_check.h>
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
@ -237,14 +239,23 @@ extern "C" {
|
|||||||
|
|
||||||
/* The standards give a maximum encryption overhead of 1024 bytes. In practice
|
/* The standards give a maximum encryption overhead of 1024 bytes. In practice
|
||||||
* the value is lower than this. The overhead is the maximum number of padding
|
* the value is lower than this. The overhead is the maximum number of padding
|
||||||
* bytes (256) plus the mac size. */
|
* bytes (256) plus the mac size.
|
||||||
|
*
|
||||||
|
* TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
|
||||||
|
* explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
|
||||||
|
* than necessary and no true AEAD has variable overhead in TLS 1.2. */
|
||||||
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
|
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
|
||||||
|
|
||||||
/* OpenSSL currently only uses a padding length of at most one block so the
|
/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
|
||||||
* send overhead is smaller. */
|
* record. This does not include the record header. Some ciphers use explicit
|
||||||
|
* nonces, so it includes both the AEAD overhead as well as the nonce. */
|
||||||
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
|
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
|
||||||
(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
|
(EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
|
||||||
|
|
||||||
|
OPENSSL_COMPILE_ASSERT(
|
||||||
|
SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
|
||||||
|
max_overheads_are_consistent);
|
||||||
|
|
||||||
|
|
||||||
/* If compression isn't used don't include the compression overhead */
|
/* If compression isn't used don't include the compression overhead */
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user