ownTLS updated

lib/TLS/include/Method.h

@@ -327,6 +327,15 @@ namespace eap
         ///
         void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
 
+        ///
+        /// Returns maximum netto size of a message for a given TLS message size
+        ///
+        /// \param[in] size_message  Size of the final TLS message
+        ///
+        /// \returns Netto size of message data
+        ///
+        size_t get_max_message(_In_ size_t size_message) const;
+
         /// @}
 
         /// \name Pseudo-random generation

lib/TLS/src/Method.cpp

@@ -1618,6 +1618,29 @@ void eap::method_tls::decrypt_message(_In_ tls_message_type_t type, _Inout_ sani
 }
 
 
+size_t eap::method_tls::get_max_message(_In_ size_t size_message) const
+{
+    if (m_state_client.m_size_enc_block) {
+        // Padding
+        size_message -= size_message % m_state_client.m_size_enc_block;
+        size_message--;
+
+        // HMAC
+        size_message -= m_state_client.m_size_mac_hash;
+
+        if (m_tls_version >= tls_version_1_1) {
+            // IV (TLS 1.1+)
+            size_message -= m_state_client.m_size_enc_iv;
+        }
+    } else {
+        // HMAC
+        size_message -= m_state_client.m_size_mac_hash;
+    }
+
+    return size_message;
+}
+
+
 eap::sanitizing_blob eap::method_tls::prf(
     _In_                            HCRYPTPROV        cp,
     _In_                            ALG_ID            alg,

lib/TTLS/src/Method.cpp

@@ -227,7 +227,7 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v
         m_packet_res.m_id    = m_packet_req.m_id;
         m_packet_res.m_flags = 0;
 
-        DWORD size_data = m_size_inner_packet_max;
+        DWORD size_data = (DWORD)get_max_message(16384 - sizeof(message_header));
         sanitizing_blob data(size_data, 0);
         unsigned char *ptr_data = data.data();
 #else