summaryrefslogtreecommitdiffstats
path: root/crypto/evp/e_aes_cbc_hmac_sha256.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2015-04-27 11:07:06 +0100
committerMatt Caswell <matt@openssl.org>2015-04-30 23:12:39 +0100
commitc8269881093324b881b81472be037055571f73f3 (patch)
treec427132f22ce43de444522428b0c1fe6c193402d /crypto/evp/e_aes_cbc_hmac_sha256.c
parent873fb39f20b6763daba226b74e83fb194924c7bf (diff)
Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at least 13 bytes long. Add sanity checks to ensure that the length is at least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'crypto/evp/e_aes_cbc_hmac_sha256.c')
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index bea8f6dd50..3b6827a9fd 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -817,6 +817,11 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
unsigned char *p = ptr;
unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return -1;
+
+ len = p[arg - 2] << 8 | p[arg - 1];
+
if (ctx->encrypt) {
key->payload_length = len;
if ((key->aux.tls_ver =
@@ -832,8 +837,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
- len);
} else {
- if (arg > 13)
- arg = 13;
memcpy(key->aux.tls_aad, ptr, arg);
key->payload_length = arg;