authorMatt Caswell <matt@openssl.org>2022-10-24 18:30:42 +0200
committerMatt Caswell <matt@openssl.org>2022-11-07 11:59:20 +0100
commit830eae60a61876a5bcd267f47e224269852dcc29 (patch)
tree066f99372c463eb9ab6e480efc7a6886b0a75d75 /ssl
parentAdd zlib oneshot compression (diff)
Fix the ceiling on how much encryption growth we can have
Stitched ciphersuites can grow by more during encryption than the code allowed for. We fix the calculation and add an assert to check we got it right. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19516)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/methods/tls_common.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 666a4f6ae2..8dc1bf3be0 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1546,6 +1546,14 @@ int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
return 1;
}
+/*
+ * Encryption growth may result from padding in CBC ciphersuites (never more
+ * than SSL_RT_MAX_CIPHER_BLOCK_SIZE bytes), or from an AEAD tag (never more
+ * than EVP_MAX_MD_SIZE bytes). In the case of stitched ciphersuites growth can
+ * come from both of these.
+ */
+#define MAX_ENCRYPTION_GROWTH (EVP_MAX_MD_SIZE + SSL_RT_MAX_CIPHER_BLOCK_SIZE)
+
int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
size_t mac_size,
WPACKET *thispkt,
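Review bot: The comment on MAX_ENCRYPTION_GROWTH should state that the value must never underestimate what a cipher can add. The only check of it visible in this commit is the ossl_assert in tls_post_encryption_processing_default, which compares lengths after encryption has taken place. If the bound were too small for some cipher, that check would presumably fire only once the extra bytes had been produced, so it detects an overrun of the reservation rather than preventing one. I would close the comment with a sentence such as `This must never underestimate the real growth: it is only verified after encryption, in tls_post_encryption_processing_default().` The signature of tls_prepare_for_encryption_default continues outside the hunk.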
@@ -1570,14 +1578,8 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
}
}
- /*
- * Reserve some bytes for any growth that may occur during encryption.
- * This will be at most one cipher block or the tag length if using
- * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
- */
- if (!WPACKET_reserve_bytes(thispkt,
- SSL_RT_MAX_CIPHER_BLOCK_SIZE,
- NULL)
+ /* Reserve some bytes for any growth that may occur during encryption. */
+ if (!WPACKET_reserve_bytes(thispkt, MAX_ENCRYPTION_GROWTH, NULL)
/*
* We also need next the amount of bytes written to this
* sub-packet
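Review bot: The reservation in the WPACKET_reserve_bytes call grows from SSL_RT_MAX_CIPHER_BLOCK_SIZE to MAX_ENCRYPTION_GROWTH, and nothing in this diff shows that the write buffer behind thispkt was sized for the extra EVP_MAX_MD_SIZE bytes. If the buffer allocation still assumes the old overhead, the reserve could fail for a maximum-length record that already carries a MAC, turning a sizing mismatch into a send failure. It is worth confirming that the buffer-size calculation uses the same constant, or adding a test that sends a full-size fragment over a CBC ciphersuite. The shortened comment also drops the reason for the size; `/* Reserve room for the worst-case growth during encryption, see MAX_ENCRYPTION_GROWTH. */` would keep the pointer. The function body starts and ends outside the hunk.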
@@ -1608,6 +1610,8 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + MAX_ENCRYPTION_GROWTH >= thiswr->length)
/* Encryption should never shrink the data! */
|| origlen > thiswr->length
|| (thiswr->length > origlen