rustls · cpu · Nov 16, 2023 · Nov 2, 2023
diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs
@@ -83,7 +83,7 @@ impl cipher::MessageEncrypter for Tls13Cipher {
         m: cipher::BorrowedPlainMessage,
         seq: u64,
     ) -> Result<cipher::OpaqueMessage, rustls::Error> {
-        let total_len = m.payload.len() + 1 + CHACHAPOLY1305_OVERHEAD;
+        let total_len = self.encrypted_payload_len(m.payload.len());
 
         // construct a TLSInnerPlaintext
         let mut payload = Vec::with_capacity(total_len);
@@ -104,6 +104,10 @@ impl cipher::MessageEncrypter for Tls13Cipher {
                 )
             })
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len + 1 + CHACHAPOLY1305_OVERHEAD
+    }
 }
 
 impl cipher::MessageDecrypter for Tls13Cipher {
@@ -132,7 +136,7 @@ impl cipher::MessageEncrypter for Tls12Cipher {
         m: cipher::BorrowedPlainMessage,
         seq: u64,
     ) -> Result<cipher::OpaqueMessage, rustls::Error> {
-        let total_len = m.payload.len() + CHACHAPOLY1305_OVERHEAD;
+        let total_len = self.encrypted_payload_len(m.payload.len());
 
         let mut payload = Vec::with_capacity(total_len);
         payload.extend_from_slice(m.payload);
@@ -145,6 +149,10 @@ impl cipher::MessageEncrypter for Tls12Cipher {
             .map_err(|_| rustls::Error::EncryptError)
             .map(|_| cipher::OpaqueMessage::new(m.typ, m.version, payload))
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len + CHACHAPOLY1305_OVERHEAD
+    }
 }
 
 impl cipher::MessageDecrypter for Tls12Cipher {

diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs
@@ -132,6 +132,10 @@
     /// Encrypt the given TLS message `msg`, using the sequence number
     /// `seq which can be used to derive a unique [`Nonce`].
     fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result<OpaqueMessage, Error>;
+
+    /// Return the length of the ciphertext that results from encrypting plaintext of
+    /// length `payload_len`
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize;
 }
 
 impl dyn MessageEncrypter {
@@ -300,6 +304,10 @@
     fn encrypt(&self, _m: BorrowedPlainMessage, _seq: u64) -> Result<OpaqueMessage, Error> {
         Err(Error::EncryptError)
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len
+    }
 }
 
 /// A `MessageDecrypter` which doesn't work.

diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs
@@ -266,8 +266,8 @@ impl MessageEncrypter for GcmMessageEncrypter {
         let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
-        let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len();
-        let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len);
+        let total_len = self.encrypted_payload_len(msg.payload.len());
+        let mut payload = Vec::with_capacity(total_len);
         payload.extend_from_slice(&nonce.as_ref()[4..]);
         payload.extend_from_slice(msg.payload);
 
@@ -278,6 +278,10 @@ impl MessageEncrypter for GcmMessageEncrypter {
 
         Ok(OpaqueMessage::new(msg.typ, msg.version, payload))
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len + GCM_EXPLICIT_NONCE_LEN + self.enc_key.algorithm().tag_len()
+    }
 }
 
 /// The RFC7905/RFC7539 ChaCha20Poly1305 construction.
@@ -335,7 +339,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
         let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0);
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
-        let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len();
+        let total_len = self.encrypted_payload_len(msg.payload.len());
         let mut buf = Vec::with_capacity(total_len);
         buf.extend_from_slice(msg.payload);
 
@@ -345,6 +349,10 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
 
         Ok(OpaqueMessage::new(msg.typ, msg.version, buf))
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len + self.enc_key.algorithm().tag_len()
+    }
 }
 
 fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv {

diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs
@@ -181,7 +181,7 @@ struct Tls13MessageDecrypter {
 
 impl MessageEncrypter for Tls13MessageEncrypter {
     fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result<OpaqueMessage, Error> {
-        let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len();
+        let total_len = self.encrypted_payload_len(msg.payload.len());
         let mut payload = Vec::with_capacity(total_len);
         payload.extend_from_slice(msg.payload);
         msg.typ.encode(&mut payload);
@@ -198,6 +198,10 @@ impl MessageEncrypter for Tls13MessageEncrypter {
             payload,
         ))
     }
+
+    fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+        payload_len + 1 + self.enc_key.algorithm().tag_len()
+    }
 }
 
 impl MessageDecrypter for Tls13MessageDecrypter {