[openssl/openssl] eaa206: Fix the ceiling on how much encryption growth we c...
Matt Caswell
noreply at github.com
Wed Nov 2 10:25:53 UTC 2022
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: eaa206007322ab0b1eaf9f83485e56deafc9df80
https://github.com/openssl/openssl/commit/eaa206007322ab0b1eaf9f83485e56deafc9df80
Author: Matt Caswell <matt at openssl.org>
Date: 2022-11-02 (Wed, 02 Nov 2022)
Changed paths:
M ssl/record/rec_layer_s3.c
Log Message:
-----------
Fix the ceiling on how much encryption growth we can have
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.
Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19517)
More information about the openssl-commits
mailing list