From 0bbbecd8949ae832a15d5a76c457b0a84c78cc47 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Wed, 4 Oct 2017 16:05:13 +0100
Subject: [PATCH] crypto/tls: accept 2^14+1 TLSInnerPlaintext

The record layer splits application data into chunks of at most 2^14 octets. When record protection is engaged in TLS 1.3, the application data is serialized into a TLSInnerPlaintext which has an additional byte for the content type, resulting in a maximum length of 2^14+1.

Fixes LargeMessage, TLS13-AEAD-CHACHA20-POLY1305-LargeRecord, TLS13-AEAD-AES128-GCM-SHA256-LargeRecord and TLS13-AEAD-AES256-GCM-SHA384-LargeRecord bogo tests.

Fixes: https://github.com/cloudflare/tls-tris/issues/46
---
 conn.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conn.go b/conn.go
index d54d760..27dc1c4 100644
--- a/conn.go
+++ b/conn.go
@@ -736,7 +736,7 @@ Again:
 	}
 	b.off = off
 	data := b.data[b.off:]
-	if len(data) > maxPlaintext {
+	if (c.vers < VersionTLS13 && len(data) > maxPlaintext) || len(data) > maxPlaintext+1 {
 		c.in.freeBlock(b)
 		return c.in.setErrorLocked(c.sendAlert(alertRecordOverflow))
 	}
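Review bot: The relaxed limit in the new `if` keys only on the negotiated version, so a TLS 1.3 record that is *not* under record protection (a plaintext alert, or the compatibility change_cipher_spec, received after `c.vers` is set) of 2^14+1 bytes is also accepted, whereas RFC 8446 keeps the 2^14 ceiling for TLSPlaintext (§5.1) and only TLSInnerPlaintext (§5.4) may reach 2^14+1 because of the trailing content-type byte. This is a one-byte laxity rather than a memory-safety issue, since the record length is presumably already bounded by the ciphertext-length check earlier in readRecord (outside this hunk), but the check is easier to audit if the limit is named and gated on whether the inbound side actually decrypted the record — in upstream crypto/tls that is `c.in.cipher != nil`; confirm the field still exists in this fork. Also worth stating in a comment whether `data` at this point still carries the type byte and zero padding, since the +1 is only correct if the decrypt path has not already stripped them. The enclosing function readRecord starts and ends outside the hunk.
```go
	data := b.data[b.off:]
	limit := maxPlaintext
	if c.vers >= VersionTLS13 && c.in.cipher != nil {
		// Under record protection the decrypted payload is a TLSInnerPlaintext
		// (content || type || zero padding), whose length may reach 2^14+1
		// (RFC 8446 §5.4); unprotected records keep the 2^14 bound (§5.1).
		limit = maxPlaintext + 1
	}
	if len(data) > limit {
		// … unchanged: freeBlock + record_overflow alert …
	}
```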