From e07b5e1a0a76f25c633a468d4f7945b82ae436bd Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 12 Dec 2023 13:17:51 +0000
Subject: [PATCH] Ensure the default length calculation includes the content type byte

TLSv1.3 includes an extra byte after the payload for the content type. We should incorporate that in the calculation of the default buffer length.

Fixes #23015

Reviewed-by: Tomas Mraz
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/23021)
---
 ssl/record/methods/tls_common.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 423777c18dd..7da423e2430 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -147,6 +147,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
 TLS_BUFFER *wb;
 size_t currpipe;
 size_t defltlen = 0;
+ size_t contenttypelen = 0;
 
 if (firstlen == 0 || (numwpipes > 1 && nextlen == 0)) {
 if (rl->isdtls)
@@ -154,21 +155,26 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
 else
 headerlen = SSL3_RT_HEADER_LENGTH;
 
+ /* TLSv1.3 adds an extra content type byte after payload data */
+ if (rl->version == TLS1_3_VERSION)
+ contenttypelen = 1;
+
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
 align = SSL3_ALIGN_PAYLOAD - 1;
 #endif
 
- defltlen = rl->max_frag_len + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- + headerlen + align + rl->eivlen;
+ defltlen = align + headerlen + rl->eivlen + rl->max_frag_len
+ + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
 #ifndef OPENSSL_NO_COMP
 if (tls_allow_compression(rl))
 defltlen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
 
 /*
 * We don't need to add eivlen here since empty fragments only occur
- * when we don't have an explicit IV
+ * when we don't have an explicit IV. The contenttype byte will also
+ * always be 0 in these protocol versions
 */
- if (!(rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0)
 defltlen += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
 }
-- 
2.47.2
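Review bot: The new `contenttypelen` term is derived from `rl->version` at the moment the write buffer is sized, so the fix only holds if the record layer's version is already final when `tls_setup_write_buffer` runs; should a caller be able to set up the buffer before the version is settled (not visible in this hunk), TLSv1.3 records would still be sized one byte short, which is exactly the shortfall this commit is closing. A one-line comment next to the new check would pin that assumption for future readers, e.g. `/* rl->version must be final here: defltlen is not recomputed if it changes later */`. The reordered `defltlen =` sum now lists the terms roughly in wire order (alignment, header, IV, payload, content type byte, encryption overhead); stating that in a short comment would make the intent of the reordering explicit rather than leaving it to look cosmetic. `tls_setup_write_buffer` begins before and ends after this hunk.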