Sanity check EVP_CTRL_AEAD_TLS_AAD

The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at least 13 bytes long. Add sanity checks to ensure that the length is at least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-27 11:07:06 +0100
committer: Matt Caswell <matt@openssl.org> 2015-04-30 23:12:39 +0100
commit: c8269881093324b881b81472be037055571f73f3 (patch)
tree: c427132f22ce43de444522428b0c1fe6c193402d /crypto/evp/e_rc4_hmac_md5.c
parent: 873fb39f20b6763daba226b74e83fb194924c7bf (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 7c4bd34d9b..1ba690da11 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -257,7 +257,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
     case EVP_CTRL_AEAD_TLS1_AAD:
         {
             unsigned char *p = ptr;
-            unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
 
             if (!ctx->encrypt) {
                 len -= MD5_DIGEST_LENGTH;
author	Matt Caswell <matt@openssl.org>	2015-04-27 11:07:06 +0100
committer	Matt Caswell <matt@openssl.org>	2015-04-30 23:12:39 +0100
commit	c8269881093324b881b81472be037055571f73f3 (patch)
tree	c427132f22ce43de444522428b0c1fe6c193402d /crypto/evp/e_rc4_hmac_md5.c
parent	873fb39f20b6763daba226b74e83fb194924c7bf (diff)