diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-17 02:50:48 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-07-17 12:58:42 +0100 |
| commit | 6e1e5996df318132eb4188e80faa17f64d94009a (patch) | |
| tree | f86ac8ce1706812c2caf53c3098673141b9106db /crypto/evp | |
| parent | 6ccd120f5f85c6fe61bcab6d635e4fdc22df4722 (diff) | |
Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef15016e49fc09d6c96653c61624e032d1a3)
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/e_aes.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 8150e02f87..d20cecaaad 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2076,7 +2076,11 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; size_t rv; if (inlen % 8) - return 0; + return -1; + if (ctx->encrypt && inlen < 8) + return -1; + if (!ctx->encrypt && inlen < 16) + return -1; if (!out) { if (ctx->encrypt) |