Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

commit: 9aec1c71f2055c742ba854359cbc25f302224e14 [log] [tgz]
author: Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Dec 05 20:08:51 2023 +0000
committer: Waleed Elmelegy <waleed.elmelegy@arm.com> Wed Dec 06 15:18:15 2023 +0000
tree: ac71312311ab392b2d204686e9bc378ba90af946
parent: f482dcc6c7a6003a86a69948f1f05f4e9490967e [diff] [blame]
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 7c7aac8..2375021 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1376,13 +1376,14 @@
 int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    int max_out_record_len = mbedtls_ssl_get_max_out_record_payload(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
 
     /* Write CCS message */
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body(
                              ssl, ssl->out_msg,
-                             ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
+                             ssl->out_msg + max_out_record_len,
                              &ssl->out_msglen));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
commit	9aec1c71f2055c742ba854359cbc25f302224e14	[log] [tgz]
author	Waleed Elmelegy <waleed.elmelegy@arm.com>	Tue Dec 05 20:08:51 2023 +0000
committer	Waleed Elmelegy <waleed.elmelegy@arm.com>	Wed Dec 06 15:18:15 2023 +0000
tree	ac71312311ab392b2d204686e9bc378ba90af946
parent	f482dcc6c7a6003a86a69948f1f05f4e9490967e [diff] [blame]