diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-17 02:50:48 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-07-17 12:57:40 +0100 |
commit | d12eef15016e49fc09d6c96653c61624e032d1a3 (patch) | |
tree | a93f51a724ee9b14fca2083560821eb41e20dbc8 /crypto/evp/e_aes.c | |
parent | d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4 (diff) |
Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/evp/e_aes.c')
-rw-r--r-- | crypto/evp/e_aes.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 504c75f8d1..ce300440a8 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2098,7 +2098,11 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; size_t rv; if (inlen % 8) - return 0; + return -1; + if (ctx->encrypt && inlen < 8) + return -1; + if (!ctx->encrypt && inlen < 16) + return -1; if (!out) { if (ctx->encrypt) |