feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix check for plaintext length when using Encrypt-Then-MAC

Browse Source
This commit is contained in:
Sean Parkinson
2019-10-28 16:28:52 +10:00
parent b80b10b980
commit 8a92e1eae6
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/internal.c
View File

@@ -14309,6 +14309,20 @@ int ProcessReply(WOLFSSL* ssl)
/* the record layer is here */ /* the record layer is here */
case runProcessingOneMessage: case runProcessingOneMessage:
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (IsEncryptionOn(ssl, 0) && ssl->options.encThenMac) {
if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
ssl->buffers.inputBuffer.idx -
MacSize(ssl) > MAX_PLAINTEXT_SZ) {
WOLFSSL_MSG("Plaintext too long - Encrypt-Then-MAC");
#if defined(WOLFSSL_EXTRA_ALERTS)
SendAlert(ssl, alert_fatal, record_overflow);
#endif
return BUFFER_ERROR;
}
}
else
#endif
if (ssl->buffers.inputBuffer.length - ssl->keys.padSz - if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) { ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
WOLFSSL_MSG("Plaintext too long"); WOLFSSL_MSG("Plaintext too long");