[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Fri May 15 10:43:20 UTC 2020 

The branch OpenSSL_1_1_1-stable has been updated
       via  df943912046aee2e5e541949dbdbafa38819f195 (commit)
      from  fa41bbe00ef03cf7f8bb0c6f20fa59d451fc7bca (commit)


- Log -----------------------------------------------------------------
commit df943912046aee2e5e541949dbdbafa38819f195
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 8 11:12:10 2020 +0100

    Correct alignment calculation in ssl3_setup_write
    
    The alignment calculation in ssl3_setup_write incorrectly results in an
    alignment allowance of
    (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3
    in almost all cases. The maximum alignment actually used in do_ssl3_write
    is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So
    there is a potential to overrun the buffer by up to 4 bytes.
    
    Fortunately, the encryption overhead allowed for is 80 bytes which
    consists of 16 bytes for the cipher block size and 64 bytes for the MAC
    output. However the biggest MAC that we ever produce is HMAC-384 which is
    48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes
    of potential overrun).
    
    Thanks to Nagesh Hegde for reporting this.
    
    Fixes #11766
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11768)
    
    (cherry picked from commit d30ef639647ad263d09740c931a5bfb5a8b6a5f6)

-----------------------------------------------------------------------

Summary of changes:
 ssl/record/ssl3_buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 605f8f9b75..56c0d78b12 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
             headerlen = SSL3_RT_HEADER_LENGTH;
 
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+        align = SSL3_ALIGN_PAYLOAD - 1;
 #endif
 
         len = ssl_get_max_send_fragment(s)

More information about the openssl-commits mailing list