summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2023-01-19 11:59:44 +0000
committerPauli <pauli@openssl.org>2023-01-24 11:22:11 +1100
commitecafcd8ad35094f9c19c0b9a08870bad07098868 (patch)
treeecf84b75e2d55b5b2d22e5fef1ffbfb61a244e28 /ssl
parent6960fb03d58482e574f1caf118542c4f027a28ae (diff)
Ensure our buffer allocation allows for the Explicit IV
Some ciphers/protocol versions have an explicit IV. We need to make sure we have sufficient room for it in the underlying buffer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20086) (cherry picked from commit 3be93f1b264d35ad93ceb71affacdef1b930c3c6)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/ssl3_buffer.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 01c553ebff..7dba502fd5 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -96,11 +96,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
#endif
len = ssl_get_max_send_fragment(s)
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align
+ + SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
+ /*
+ * We don't need to add an allowance for eivlen here since empty
+ * fragments only occur when we don't have an explicit IV
+ */
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
}