diff options
| author | Matt Caswell <matt@openssl.org> | 2015-04-27 11:07:06 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-04-30 23:21:50 +0100 |
| commit | 1a3701f4fe0530a40ec073cd78d02cfcc26c0f8e (patch) | |
| tree | e65bb7e707aa8c54541abb9699a7a1cf45f5d9ee /apps | |
| parent | 4ce06271aac5ebddf02854191611613af5ec83f8 (diff) | |
Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c8269881093324b881b81472be037055571f73f3)
Conflicts:
ssl/record/ssl3_record.c
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/speed.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/speed.c b/apps/speed.c index 8c350ee83d..3697b71ec1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2791,7 +2791,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) print_message(alg_name, 0, mblengths[j]); Time_F(START); for (count = 0, run = 1; run && count < 0x7fffffff; count++) { - unsigned char aad[13]; + unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; @@ -2826,7 +2826,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, - EVP_CTRL_AEAD_TLS1_AAD, 13, aad); + EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); } } |