Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.com/openssl/openssl
Commit: 31efcf2c872f8f4d09ad5209ccbf1ada73436775
https://github.com/openssl/openssl/commit/31efcf2c872f8f4d09ad5209ccbf1ada73436775
Author: Matt Caswell <m...@openssl.org>
Date: 2022-12-05 (Mon, 05 Dec 2022)
Changed paths:
M ssl/record/rec_layer_s3.c
Log Message:
-----------
Fix the ceiling on how much encryption growth we can have
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.
Also if we are adding the MAC independently of the cipher algorithm then
the encryption growth will not include that MAC so we should remove it
from the amount of bytes that we reserve for that growth. Otherwise we
might exceed our buffer size and the WPACKET_reserve operation will
fail.
Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Hugo Landau <hlan...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19585)
