[openssl] master update
Matt Caswell
matt at openssl.org
Fri May 15 10:36:18 UTC 2020
The branch master has been updated
via d30ef639647ad263d09740c931a5bfb5a8b6a5f6 (commit)
from 76899264cbff822929f29f3d56c640368461d7f6 (commit)
- Log -----------------------------------------------------------------
commit d30ef639647ad263d09740c931a5bfb5a8b6a5f6
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 8 11:12:10 2020 +0100
Correct alignment calculation in ssl3_setup_write
The alignment calculation in ssl3_setup_write incorrectly results in an
alignment allowance of
(-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3
in almost all cases. The maximum alignment actually used in do_ssl3_write
is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So
there is a potential to overrun the buffer by up to 4 bytes.
Fortunately, the encryption overhead allowed for is 80 bytes which
consists of 16 bytes for the cipher block size and 64 bytes for the MAC
output. However the biggest MAC that we ever produce is HMAC-384 which is
48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes
of potential overrun).
Thanks to Nagesh Hegde for reporting this.
Fixes #11766
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11768)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 5e2cceee27..2c25099e10 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
headerlen = SSL3_RT_HEADER_LENGTH;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = SSL3_ALIGN_PAYLOAD - 1;
#endif
len = ssl_get_max_send_fragment(s)
More information about the openssl-commits
mailing list