_gnutls_record_overhead: count content type octet in plaintext

author Daiki Ueno <dueno@redhat.com>

Thu, 8 Feb 2018 12:24:46 +0000 (13:24 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 19 Feb 2018 14:29:37 +0000 (15:29 +0100)
author Daiki Ueno <dueno@redhat.com>
Thu, 8 Feb 2018 12:24:46 +0000 (13:24 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:37 +0000 (15:29 +0100)
diff --git a/lib/dtls.c b/lib/dtls.c

index 0966a0b6f6f249759e1490f667986f2279851e3b..07c3495a46286adc637eabe605732b432f0e3dad 100644 (file)
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -508,6 +508,10 @@ unsigned _gnutls_record_overhead(const version_entry_st *ver,
         if (unlikely(cipher == NULL))
                 return 0;
  
+       /* 1 octet content type in the unencrypted content */
+       if (ver->tls13_sem)
+               total++;
+
         if (mac->id == GNUTLS_MAC_AEAD) {
                 if (!ver->tls13_sem)
                         total += _gnutls_cipher_get_explicit_iv_size(cipher);
diff --git a/tests/gnutls_record_overhead.c b/tests/gnutls_record_overhead.c

index 2f17420a386553ac08569a5959af8b17f2882e57..f07f0b232b82b4d42d4de723da64c71003986b81 100644 (file)
--- a/tests/gnutls_record_overhead.c
+++ b/tests/gnutls_record_overhead.c
@@ -56,27 +56,35 @@ unsigned _gnutls_record_overhead(const version_entry_st *ver,
                                  const mac_entry_st *mac,
                                  unsigned max);
  
-#define OVERHEAD(c, m) \
-       _gnutls_record_overhead(version_to_entry(GNUTLS_TLS1_2), cipher_to_entry(c), mac_to_entry(m), \
+#define OVERHEAD(v, c, m)                                              \
+       _gnutls_record_overhead(version_to_entry(v), cipher_to_entry(c), mac_to_entry(m), \
                                 0)
  
-#define MAX_OVERHEAD(c, m) \
-       _gnutls_record_overhead(version_to_entry(GNUTLS_TLS1_2), cipher_to_entry(c), mac_to_entry(m), \
+#define MAX_OVERHEAD(v, c, m)                                          \
+       _gnutls_record_overhead(version_to_entry(v), cipher_to_entry(c), mac_to_entry(m), \
                                 1)
  
  static void check_aes_gcm(void **glob_state)
  {
         const unsigned ov = 16+8;
         /* Under AES-GCM the overhead is constant */
-       assert_int_equal(OVERHEAD(GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
-       assert_int_equal(MAX_OVERHEAD(GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
+       assert_int_equal(OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
+       assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
+}
+
+static void check_tls13_aes_gcm(void **glob_state)
+{
+       const unsigned ov = 16+1;
+       /* Under AES-GCM the overhead is constant */
+       assert_int_equal(OVERHEAD(GNUTLS_TLS1_3, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
+       assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_3, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov);
  }
  
  static void check_aes_sha1_min(void **glob_state)
  {
         const unsigned mac = 20;
         const unsigned block = 16;
-       assert_int_equal(OVERHEAD(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), 1+mac+block);
+       assert_int_equal(OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), 1+mac+block);
  }
  
  static void check_aes_sha1_max(void **glob_state)
@@ -84,13 +92,14 @@ static void check_aes_sha1_max(void **glob_state)
         const unsigned mac = 20;
         const unsigned block = 16;
  
-       assert_int_equal(MAX_OVERHEAD(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), block+mac+block);
+       assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), block+mac+block);
  }
  
  int main(void)
  {
         const struct CMUnitTest tests[] = {
                 cmocka_unit_test(check_aes_gcm),
+               cmocka_unit_test(check_tls13_aes_gcm),
                 cmocka_unit_test(check_aes_sha1_min),
                 cmocka_unit_test(check_aes_sha1_max)
         };
author	Daiki Ueno <dueno@redhat.com>
	Thu, 8 Feb 2018 12:24:46 +0000 (13:24 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 19 Feb 2018 14:29:37 +0000 (15:29 +0100)
lib/dtls.c		patch \| blob \| blame \| history
tests/gnutls_record_overhead.c		patch \| blob \| blame \| history