authorMatt Caswell <matt@openssl.org>2022-11-07 12:02:08 +0000
committerMatt Caswell <matt@openssl.org>2022-11-14 11:34:27 +0000
commitbb0190e8a4d43d06a8ba6e6fca68571b4c3361a5 (patch)
treecc3bf3dd0d712178c6d529727b3be28bba240aba /ssl
parent1aef13c0bdb907ac55fbcc9ba69abc86e1921324 (diff)
Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to encryption. The macro we use for allocating the underlying buffer should be the same one that we use for reserving bytes for encryption growth. Also if we are adding the MAC independently of the cipher algorithm then the encryption growth will not include that MAC so we should remove it from the amount of bytes that we reserve for that growth. Otherwise we might exceed our buffer size and the WPACKET_reserve operation will fail. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19264) (cherry picked from commit 3d004cefec5135a3b080dc898d7f7d5452ef309f)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/rec_layer_s3.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index a36ae8d03c..4121f3b2ae 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -677,14 +677,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
}
}
-/*
- * Encryption growth may result from padding in CBC ciphersuites (never more
- * than SSL_RT_MAX_CIPHER_BLOCK_SIZE bytes), or from an AEAD tag (never more
- * than EVP_MAX_MD_SIZE bytes). In the case of stitched ciphersuites growth can
- * come from both of these.
- */
-#define MAX_ENCRYPTION_GROWTH (EVP_MAX_MD_SIZE + SSL_RT_MAX_CIPHER_BLOCK_SIZE)
-
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written)
@@ -1023,9 +1015,16 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
}
- /* Reserve some bytes for any growth that may occur during encryption. */
+ /*
+ * Reserve some bytes for any growth that may occur during encryption. If
+ * we are adding the MAC independently of the cipher algorithm, then the
+ * max encrypted overhead does not need to include an allocation for that
+ * MAC
+ */
if (!BIO_get_ktls_send(s->wbio)) {
- if (!WPACKET_reserve_bytes(thispkt, MAX_ENCRYPTION_GROWTH, NULL)
+ if (!WPACKET_reserve_bytes(thispkt,
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size, NULL)
/*
* We also need next the amount of bytes written to this
* sub-packet
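Review bot: The new reserve size `SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size` is only meaningful while `mac_size` stays within the macro's value, and nothing in this hunk states or enforces that bound. The declaration and assignment of `mac_size` are outside the hunk, so its type is not visible here; if it is unsigned, an oversized value would wrap to a very large request and `WPACKET_reserve_bytes` would fail, and if it is signed, a negative value would enlarge the reservation instead of shrinking it. The same subtraction is repeated in the later hunk's check, `origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size >= thiswr->length`, so the two sites can drift apart again. I would state the invariant once before the first use, e.g. `if (!ossl_assert(mac_size <= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))` leading into the function's existing error path, and compute the difference into one local used at both sites. The body of do_ssl3_write continues outside this hunk, so an equivalent guard may already exist where `mac_size` is set.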
@@ -1078,8 +1077,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
/* Check we allowed enough room for the encryption growth */
- || !ossl_assert(origlen + MAX_ENCRYPTION_GROWTH
- >= thiswr->length)
+ || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size >= thiswr->length)
/* Encryption should never shrink the data! */
|| origlen > thiswr->length
|| (thiswr->length > origlen