-rw-r--r-- | ssl/record/methods/tls_common.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 666a4f6ae2..8dc1bf3be0 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1546,6 +1546,14 @@ int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
 return 1;
 }
+/*
+ * Encryption growth may result from padding in CBC ciphersuites (never more
+ * than SSL_RT_MAX_CIPHER_BLOCK_SIZE bytes), or from an AEAD tag (never more
+ * than EVP_MAX_MD_SIZE bytes). In the case of stitched ciphersuites growth can
+ * come from both of these.
+ */
+#define MAX_ENCRYPTION_GROWTH (EVP_MAX_MD_SIZE + SSL_RT_MAX_CIPHER_BLOCK_SIZE)
+
 int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
 size_t mac_size,
 WPACKET *thispkt,
@@ -1570,14 +1578,8 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
 }
 }
- /*
- * Reserve some bytes for any growth that may occur during encryption.
- * This will be at most one cipher block or the tag length if using
- * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
- */
- if (!WPACKET_reserve_bytes(thispkt,
- SSL_RT_MAX_CIPHER_BLOCK_SIZE,
- NULL)
+ /* Reserve some bytes for any growth that may occur during encryption. */
+ if (!WPACKET_reserve_bytes(thispkt, MAX_ENCRYPTION_GROWTH, NULL)
 /*
 * We also need next the amount of bytes written to this
 * sub-packet
@@ -1608,6 +1610,8 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
 /* Allocate bytes for the encryption overhead */
 if (!WPACKET_get_length(thispkt, &origlen)
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + MAX_ENCRYPTION_GROWTH >= thiswr->length)
 /* Encryption should never shrink the data! */
 || origlen > thiswr->length
 || (thiswr->length > origlen
|
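Review bot: The comment above `MAX_ENCRYPTION_GROWTH` bounds "an AEAD tag" by `EVP_MAX_MD_SIZE`, which is a digest-size constant, so it leaves the reader guessing why a tag would need that much room. Since the comment itself says stitched ciphersuites can grow from both sources, the second term presumably covers a MAC appended by the cipher as well as an AEAD tag. I would reword the second clause to something like `or from a MAC or AEAD tag appended by the cipher (never more than EVP_MAX_MD_SIZE bytes)`. The macro is the single bound used by both the reservation and the later check, so its derivation should be stated exactly.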
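Review bot: The added `ossl_assert(origlen + MAX_ENCRYPTION_GROWTH >= thiswr->length)` sits in `tls_post_encryption_processing_default`, so it only detects, after the cipher has already produced its output, that growth exceeded what `tls_prepare_for_encryption_default` reserved; it does not prevent the oversized write. The comment should say so, for example `/* Detect (after the fact) growth beyond the MAX_ENCRYPTION_GROWTH reserved before encryption */`. As far as I know `ossl_assert` aborts only in debug builds and is a plain condition otherwise, so release builds depend on the failure branch of this `if`. That branch lies outside the hunk and should be confirmed to treat this as a fatal internal error rather than continue with the record.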