diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-03-24 13:09:43 +0100 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2017-03-25 11:17:38 +0100 |
commit | e704d91d273164074b21de348e86ace3e074419e (patch) | |
tree | d5e468a0d0403126a15a8a67e2f3f9a32167669c /crypto | |
parent | f49cf4afa0e408c527da08d076fec1159c3620d9 (diff) |
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3025)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha256.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 46c9d03389..8422aeee00 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -825,11 +825,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; + len = p[arg - 2] << 8 | p[arg - 1]; + if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = |