Account for additional record expansion when using CIDs

Using the Connection ID extension increases the maximum record expansion because - the real record content type is added to the plaintext - the plaintext may be padded with an arbitrary number of zero bytes, in order to prevent leakage of information through package length analysis. Currently, we always pad the plaintext in a minimal way so that its length is a multiple of 16 Bytes. This commit adapts the various parts of the library to account for that additional source of record expansion.
2025-01-11 22:15:44 +00:00 · 2019-05-08 15:40:11 +01:00 · 2019-05-08 15:40:11 +01:00 · add0190059
parent eec2be9c9f
commit add0190059
2 changed files with 27 additions and 1 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -166,10 +166,19 @@
 #define MBEDTLS_SSL_PADDING_ADD              0
 #endif

+#if defined(MBEDTLS_SSL_CID)
+#define MBEDTLS_SSL_MAX_CID_EXPANSION       16 /* Currently, we pad records
+                                                * to lengths which are multiples
+                                                * of 16 Bytes. */
+#else
+#define MBEDTLS_SSL_MAX_CID_EXPANSION        0
+#endif
+
 #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD +    \
                                       MBEDTLS_MAX_IV_LENGTH +          \
                                       MBEDTLS_SSL_MAC_ADD +            \
-                                       MBEDTLS_SSL_PADDING_ADD          \
+                                       MBEDTLS_SSL_PADDING_ADD +        \
+                                       MBEDTLS_SSL_MAX_CID_EXPANSION    \
                                       )

 #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
@ -222,11 +231,23 @@
   implicit sequence number. */
 #define MBEDTLS_SSL_HEADER_LEN 13

+#if defined(MBEDTLS_SSL_CID)
 #define MBEDTLS_SSL_IN_BUFFER_LEN  \
    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_IN_BUFFER_LEN  \
+    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+      + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+#endif

+#if defined(MBEDTLS_SSL_CID)
 #define MBEDTLS_SSL_OUT_BUFFER_LEN  \
    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_OUT_BUFFER_LEN                               \
+    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN )    \
+      + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+#endif

 #ifdef MBEDTLS_ZLIB_SUPPORT
 /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -8378,6 +8378,11 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
    }

+#if defined(MBEDTLS_SSL_CID)
+    if( transform->out_cid_len != 0 )
+        transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+#endif /* MBEDTLS_SSL_CID */
+
    return( (int)( out_hdr_len + transform_expansion ) );
 }