rec_layer_s3.c: prevent max_early_data overflow in ossl_early_data_count_ok()
authorEugene Syromiatnikov <esyr@openssl.org>
Mon, 22 Jun 2026 05:56:45 +0000 (07:56 +0200)
committerNorbert Pocs <norbertp@openssl.org>
Thu, 25 Jun 2026 07:12:50 +0000 (09:12 +0200)
Apply change similar to the one made in d41a9225196b "tls_common.c: prevent
max_early_data overflow in rlayer_early_data_count_ok()"
to ossl_early_data_count_ok(), that has similar logic in it
(as rlayer_early_data_count_ok() has been copied
from ossl_early_data_count_ok() in 9dd90232d537 "Move early data counting
out of the SSL object and into the record layer").

Complements: d41a9225196b "tls_common.c: prevent max_early_data overflow in rlayer_early_data_count_ok()"
Fixes: 70ef40a05e06 "Check max_early_data against the amount of early data we actually receive"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Daniel Kubec <kubec@openssl.foundation>
MergeDate: Thu Jun 25 07:13:07 2026
(Merged from https://github.com/openssl/openssl/pull/31628)

ssl/record/rec_layer_s3.c

index 75278f39eeaa77b45346ba86855ad00fd98cdb09..d87001ad7b33f5d9dbd3da9b128d623f9a432ef0 100644 (file)
@@ -150,7 +150,7 @@ static uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
 static int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
     size_t overhead, int send)
 {
-    uint32_t max_early_data;
+    uint64_t max_early_data;
 
     max_early_data = ossl_get_max_early_data(s);
 
@@ -161,7 +161,7 @@ static int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
     }
 
     /* If we are dealing with ciphertext we need to allow for the overhead */
-    max_early_data += (uint32_t)overhead;
+    max_early_data += overhead;
 
     if (s->early_data_count + length > max_early_data) {
         SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
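Review bot: The sum in `if (s->early_data_count + length > max_early_data)` is still computed in the width of its own operands, so widening `max_early_data` to `uint64_t` only protects the right-hand side of the limit check. `length` is a `size_t`, and if `early_data_count` is a 32-bit field (its declaration is not visible here), the addition can wrap on targets where `size_t` is 32 bits, letting an over-limit count compare as small and pass. Casting one operand makes the whole comparison 64-bit: `if ((uint64_t)s->early_data_count + length > max_early_data) {`. The function body continues past the end of this hunk, so any later update of `early_data_count` with a narrowing cast of `length` would be worth checking for the same reason.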