From 6a360ebfde9921b9cacbee724fe25d646e4499d5 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Sun, 30 Oct 2022 13:05:01 +0000 Subject: [tls] Ensure cipher alignment size is respected Adjust the length of the first received ciphertext data buffer to ensure that all decryption operations respect the cipher's alignment size. Signed-off-by: Michael Brown --- src/net/tls.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/net/tls.c b/src/net/tls.c index f4f8d93..d2b8d60 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -3004,13 +3004,24 @@ static struct interface_descriptor tls_plainstream_desc = * @ret rc Returned status code */ static int tls_newdata_process_header ( struct tls_connection *tls ) { + struct tls_cipherspec *cipherspec = &tls->rx_cipherspec; + struct cipher_algorithm *cipher = cipherspec->suite->cipher; + size_t iv_len = cipherspec->suite->record_iv_len; size_t data_len = ntohs ( tls->rx_header.length ); size_t remaining = data_len; size_t frag_len; + size_t reserve; struct io_buffer *iobuf; struct io_buffer *tmp; int rc; + /* Sanity check */ + assert ( ( TLS_RX_BUFSIZE % cipher->alignsize ) == 0 ); + + /* Calculate alignment reservation at start of first data buffer */ + reserve = ( ( -iv_len ) & ( cipher->alignsize - 1 ) ); + remaining += reserve; + /* Allocate data buffers now that we know the length */ assert ( list_empty ( &tls->rx_data ) ); while ( remaining ) { @@ -3045,6 +3056,13 @@ static int tls_newdata_process_header ( struct tls_connection *tls ) { */ iob_reserve ( iobuf, ( iob_tailroom ( iobuf ) - frag_len ) ); + /* Ensure first buffer length will be aligned to a + * multiple of the cipher alignment size after + * stripping the record IV. + */ + iob_reserve ( iobuf, reserve ); + reserve = 0; + /* Add I/O buffer to list */ list_add_tail ( &iobuf->list, &tls->rx_data ); } -- cgit v1.1