Skip to content

Fix the ceiling on how much encryption growth we can have#19517

Closed
mattcaswell wants to merge 1 commit intoopenssl:openssl-3.1from
mattcaswell:fix-encryption-growth-31
Closed

Fix the ceiling on how much encryption growth we can have#19517
mattcaswell wants to merge 1 commit intoopenssl:openssl-3.1from
mattcaswell:fix-encryption-growth-31

Conversation

@mattcaswell
Copy link
Member

@mattcaswell mattcaswell commented Oct 27, 2022
edited
Loading

Stitched ciphersuites can grow by more during encryption than the code allowed for. We fix the calculation and add an assert to check we go it right.

Note that this is not a security issue. Even though we can overflow the amount of bytes reserved in the WPACKET for the encryption, the underlying buffer is still big enough.

Testing this is difficult. I would argue that the addition of the ossl_assert is sufficient for this. Adding a similar assert to 3.1 HEAD, but without the fix is enough to make the existing test suite fail.

This is a backport to 3.1/3.0 of one of the commits from #19516

Checklist
  • documentation is added or updated
  • tests are added or updated

@mattcaswell
Fix the ceiling on how much encryption growth we can have
8a7581e 
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.

Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.
@mattcaswell mattcaswell added approval: review pending This pull request needs review by a committer approval: otc review pending branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) labels Oct 27, 2022
@mattcaswell
Copy link
Member Author

mattcaswell commented Oct 27, 2022

Should we backport this to 1.1.1 as well? It's not strictly a security issue - but you could describe it as "hardening" which might mean we should put it in 1.1.1 also.

@hlandau
Copy link
Member

hlandau commented Oct 27, 2022

I'd be OK for 1.1.1.

@t8m t8m added branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) triaged: bug The issue/pr is/fixes a bug labels Oct 27, 2022
t8m
t8m approved these changes Oct 27, 2022
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK for 1.1.1 as well.

@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Oct 27, 2022
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Oct 28, 2022
@openssl-machine
Copy link
Collaborator

openssl-machine commented Oct 28, 2022

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Nov 2, 2022
@mattcaswell
Fix the ceiling on how much encryption growth we can have
eaa2060 
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.

Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.

Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #19517)
openssl-machine pushed a commit that referenced this pull request Nov 2, 2022
@mattcaswell
Fix the ceiling on how much encryption growth we can have
f8e6dda 
Stitched ciphersuites can grow by more during encryption than the code
allowed for. We fix the calculation and add an assert to check we go it
right.

Note that this is not a security issue. Even though we can overflow the
amount of bytes reserved in the WPACKET for the encryption, the underlying
buffer is still big enough.

Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #19517)

(cherry picked from commit eaa2060)
@mattcaswell mattcaswell removed the branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) label Nov 2, 2022
@mattcaswell
Copy link
Member Author

mattcaswell commented Nov 2, 2022

I merged this to 3.1 and 3.0. There is a non-trivial cherry-pick conflict when taking this back to 1.1.1. I will create a separate PR for the 1.1.1 backport.

@mattcaswell mattcaswell closed this Nov 2, 2022
@mattcaswell mattcaswell mentioned this pull request Nov 2, 2022
Closed
2 tasks
@mattcaswell
Copy link
Member Author

mattcaswell commented Nov 2, 2022

Backport to 1.1.1 in #19585

@mattcaswell mattcaswell mentioned this pull request Nov 7, 2022
Closed
@mattcaswell mattcaswell mentioned this pull request Jan 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t8m t8m t8m approved these changes

@paulidale paulidale paulidale approved these changes

+1 more reviewer

@hlandau hlandau hlandau approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mattcaswell @hlandau @openssl-machine @t8m @paulidale