
bug: Large packet length causes TLCP decryption failure

Open yuesong-feng opened this issue 1 year ago • 2 comments

tls_send(&conn, (uint8_t *)buf, sizeof(buf), &sentlen);   // sizeof(buf) > 20000

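With the TLCP protocol, when a packet with a large length (e.g. over 20000) is sent, tls_recv on the receiving end fails to decrypt it and reports the error: tls.c: 387: tls_cbc_decrypt: tls ciphertext mac check failure. Debugging shows that the consistency check between mac and hmac does not pass: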

if (gmssl_secure_memcmp(mac, hmac, sizeof(hmac)) != 0) {
      error_puts("tls ciphertext mac check failure\n");
      return -1;
 }

Does TLCP only support shorter packets?

yuesong-feng avatar Mar 13 '23 04:03 yuesong-feng

I have split the packets in the application, which solves it. But TLS_MAX_PLAINTEXT_SIZE is defined as 16384; why is plaintext only supported up to this length?

yuesong-feng avatar Mar 14 '23 05:03 yuesong-feng
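
The application-level splitting described in the comment above, as an added example that is not part of the original thread or of GmSSL's code. `send_fn`, `send_all`, `MAX_PLAINTEXT` and the mock transport are hypothetical names; the callback takes the same arguments as the `tls_send` call in the issue and is assumed to return 1 on success and report the accepted byte count in `*sentlen`.

```c
#include <stddef.h>
#include <stdint.h>

/* Same value the thread quotes for TLS_MAX_PLAINTEXT_SIZE. */
#define MAX_PLAINTEXT 16384

/* Hypothetical callback shaped like the tls_send() call in the issue.
 * Assumption: returns 1 on success and stores the bytes accepted in *sentlen. */
typedef int (*send_fn)(void *conn, const uint8_t *in, size_t inlen, size_t *sentlen);

/* Send len bytes as a sequence of calls, none larger than MAX_PLAINTEXT.
 * Returns 1 when everything was sent, -1 on the first failure. */
int send_all(send_fn send, void *conn, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        size_t chunk = len - off;
        size_t sent = 0;
        if (chunk > MAX_PLAINTEXT)
            chunk = MAX_PLAINTEXT;
        /* Reject failures and nonsensical byte counts instead of looping forever. */
        if (send(conn, buf + off, chunk, &sent) != 1 || sent == 0 || sent > chunk)
            return -1;
        off += sent;   /* a short write simply advances the offset less */
    }
    return 1;
}

/* Constructed mock transport: records call count, largest call and total bytes. */
struct mock { size_t calls, largest, total; };

static int mock_send(void *conn, const uint8_t *in, size_t inlen, size_t *sentlen)
{
    struct mock *m = conn;
    (void)in;
    if (inlen > MAX_PLAINTEXT)
        return -1;     /* stand-in for a transport that refuses oversized input */
    m->calls++;
    if (inlen > m->largest) m->largest = inlen;
    m->total += inlen;
    *sentlen = inlen;
    return 1;
}

/* Push a constructed 40000-byte buffer through the mock and return its counters. */
struct mock demo(void)
{
    static uint8_t buf[40000];
    struct mock m = {0, 0, 0};
    if (send_all(mock_send, &m, buf, sizeof(buf)) != 1)
        m.calls = 0;
    return m;
}
```
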

Because the TCP send buffer is exactly 16384

timipig avatar Nov 17 '23 06:11 timipig