crypto/tls: accept 2^14+1 TLSInnerPlaintext

The record layer splits application data into chunks of at most 2^14 octets. When record protection is engaged in TLS 1.3, the application data is serialized into a TLSInnerPlaintext which has an additional byte for the content type, resulting in a maximum length of 2^14+1. Fixes LargeMessage, TLS13-AEAD-CHACHA20-POLY1305-LargeRecord, TLS13-AEAD-AES128-GCM-SHA256-LargeRecord and TLS13-AEAD-AES256-GCM-SHA384-LargeRecord bogo tests. Fixes: https://github.com/cloudflare/tls-tris/issues/46
2017-10-04 16:05:13 +01:00 · 2017-10-04 16:05:13 +01:00 · 0bbbecd894
commit 0bbbecd894
parent fa9ccdc8b0
1 changed files with 1 additions and 1 deletions
--- a/conn.go
+++ b/conn.go
@ -736,7 +736,7 @@ Again:
 	}
 	b.off = off
 	data := b.data[b.off:]
-	if len(data) > maxPlaintext {
+	if (c.vers < VersionTLS13 && len(data) > maxPlaintext) || len(data) > maxPlaintext+1 {
 		c.in.freeBlock(b)
 		return c.in.setErrorLocked(c.sendAlert(alertRecordOverflow))
 	}