50 static final int headerSize = 5; // SSLv3 record header |
50 static final int headerSize = 5; // SSLv3 record header |
51 static final int maxExpansion = 1024; // for bad compression |
51 static final int maxExpansion = 1024; // for bad compression |
52 static final int trailerSize = 20; // SHA1 hash size |
52 static final int trailerSize = 20; // SHA1 hash size |
53 static final int maxDataSize = 16384; // 2^14 bytes of data |
53 static final int maxDataSize = 16384; // 2^14 bytes of data |
54 static final int maxPadding = 256; // block cipher padding |
54 static final int maxPadding = 256; // block cipher padding |
55 static final int maxIVLength = 256; // IV length |
55 static final int maxIVLength = 256; // block length |
56 |
|
57 /* |
|
58 * The size of the header plus the max IV length |
|
59 */ |
|
60 static final int headerPlusMaxIVSize = |
|
61 headerSize // header |
|
62 + maxIVLength; // iv |
|
63 |
56 |
64 /* |
57 /* |
65 * SSL has a maximum record size. It's header, (compressed) data, |
58 * SSL has a maximum record size. It's header, (compressed) data, |
66 * padding, and a trailer for the message authentication information (MAC |
59 * padding, and a trailer for the MAC. |
67 * for block and stream ciphers, and message authentication tag for AEAD |
|
68 * ciphers). |
|
69 * |
|
70 * Some compression algorithms have rare cases where they expand the data. |
60 * Some compression algorithms have rare cases where they expand the data. |
71 * As we don't support compression at this time, leave that out. |
61 * As we don't support compression at this time, leave that out. |
72 */ |
62 */ |
73 static final int maxRecordSize = |
63 static final int maxRecordSize = |
74 headerPlusMaxIVSize // header + iv |
64 headerSize // header |
75 + maxDataSize // data |
65 + maxIVLength // iv |
76 + maxPadding // padding |
66 + maxDataSize // data |
77 + trailerSize; // MAC or AEAD tag |
67 + maxPadding // padding |
|
68 + trailerSize; // MAC |
78 |
69 |
79 static final boolean enableCBCProtection = |
70 static final boolean enableCBCProtection = |
80 Debug.getBooleanProperty("jsse.enableCBCProtection", true); |
71 Debug.getBooleanProperty("jsse.enableCBCProtection", true); |
81 |
72 |
82 /* |
73 /* |
84 * packets. Max application data size for the second packet. |
75 * packets. Max application data size for the second packet. |
85 */ |
76 */ |
86 static final int maxDataSizeMinusOneByteRecord = |
77 static final int maxDataSizeMinusOneByteRecord = |
87 maxDataSize // max data size |
78 maxDataSize // max data size |
88 - ( // max one byte record size |
79 - ( // max one byte record size |
89 headerPlusMaxIVSize // header + iv |
80 headerSize // header |
|
81 + maxIVLength // iv |
90 + 1 // one byte data |
82 + 1 // one byte data |
91 + maxPadding // padding |
83 + maxPadding // padding |
92 + trailerSize // MAC |
84 + trailerSize // MAC |
93 ); |
85 ); |
94 |
86 |
110 * Maximum record size for alert and change cipher spec records. |
102 * Maximum record size for alert and change cipher spec records. |
111 * They only contain 2 and 1 bytes of data, respectively. |
103 * They only contain 2 and 1 bytes of data, respectively. |
112 * Allocate a smaller array. |
104 * Allocate a smaller array. |
113 */ |
105 */ |
114 static final int maxAlertRecordSize = |
106 static final int maxAlertRecordSize = |
115 headerPlusMaxIVSize // header + iv |
107 headerSize // header |
116 + 2 // alert |
108 + maxIVLength // iv |
117 + maxPadding // padding |
109 + 2 // alert |
118 + trailerSize; // MAC |
110 + maxPadding // padding |
|
111 + trailerSize; // MAC |
119 |
112 |
120 /* |
113 /* |
121 * The overflow values of integers of 8, 16 and 24 bits. |
114 * The overflow values of integers of 8, 16 and 24 bits. |
122 */ |
115 */ |
123 static final int OVERFLOW_OF_INT08 = (1 << 8); |
116 static final int OVERFLOW_OF_INT08 = (1 << 8); |