diff options
| author | Matt Caswell <matt@openssl.org> | 2022-11-07 15:02:08 +0300 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2022-11-07 20:12:01 +0300 |
| commit | ecacbc5e3c48901417e8e05bbf1d29df78610607 (patch) | |
| tree | 5efbafd7babdd5437be4c073d1bf86f1ed6776f2 | |
| parent | e9e6827445528caf1d9d6647953fbe67a0c78716 (diff) | |
Use the same encryption growth macro consistently
We had two different macros for calculating the potential growth due to
encryption. The macro we use for allocating the underlying buffer should be
the same one that we use for reserving bytes for encryption growth.
Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19622)
| -rw-r--r-- | ssl/record/methods/tls_common.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index ea763d93b6..730e4f7d63 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1548,14 +1548,6 @@ int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl, return 1; } -/* - * Encryption growth may result from padding in CBC ciphersuites (never more - * than SSL_RT_MAX_CIPHER_BLOCK_SIZE bytes), or from an AEAD tag (never more - * than EVP_MAX_MD_SIZE bytes). In the case of stitched ciphersuites growth can - * come from both of these. - */ -#define MAX_ENCRYPTION_GROWTH (EVP_MAX_MD_SIZE + SSL_RT_MAX_CIPHER_BLOCK_SIZE) - int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl, size_t mac_size, WPACKET *thispkt, @@ -1580,8 +1572,14 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl, } } - /* Reserve some bytes for any growth that may occur during encryption. */ - if (!WPACKET_reserve_bytes(thispkt, MAX_ENCRYPTION_GROWTH, NULL) + /* + * Reserve some bytes for any growth that may occur during encryption. If + * we are adding the MAC independently of the cipher algorithm, then the + * max encrypted overhead does not need to include an allocation for that + * MAC + */ + if (!WPACKET_reserve_bytes(thispkt, SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size, NULL) /* * We also need next the amount of bytes written to this * sub-packet @@ -1613,7 +1611,8 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl, /* Allocate bytes for the encryption overhead */ if (!WPACKET_get_length(thispkt, &origlen) /* Check we allowed enough room for the encryption growth */ - || !ossl_assert(origlen + MAX_ENCRYPTION_GROWTH >= thiswr->length) + || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size >= thiswr->length) /* Encryption should never shrink the data! */ || origlen > thiswr->length || (thiswr->length > origlen |