diff options
Diffstat (limited to '')
| -rw-r--r-- | freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c index 4ecd28ee..1a683da2 100644 --- a/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/freebsd/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -827,15 +827,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; + len = p[arg - 2] << 8 | p[arg - 1]; + if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; |