diff options
| author | Andy Polyakov <appro@openssl.org> | 2011-10-23 22:58:40 +0000 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2011-10-23 22:58:40 +0000 |
| commit | 507b0d9d38486dbde08d7dc359d2d6fc904ee624 (patch) | |
| tree | 20a2ab63830e6c40cb636f260c54cd4dd9ed9f11 | |
| parent | 181fbb77f3357f403b9635c10b696a2165328f27 (diff) | |
e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
| -rw-r--r-- | crypto/evp/e_aes.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index e3bd2b4982..95d7421168 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -940,7 +940,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_GCM_CTX *gctx = ctx->cipher_data; int rv = -1; /* Encrypt/decrypt must be performed in place */ - if (out != in) + if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN)) return -1; /* Set IV from start of buffer or generate IV and write to start * of buffer. |