Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.

Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3025)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-03-24 13:09:43 +0100
committer: Andy Polyakov <appro@openssl.org> 2017-03-25 11:17:38 +0100
commit: e704d91d273164074b21de348e86ace3e074419e (patch)
tree: d5e468a0d0403126a15a8a67e2f3f9a32167669c /crypto
parent: f49cf4afa0e408c527da08d076fec1159c3620d9 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 46c9d03389..8422aeee00 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -825,11 +825,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
     case EVP_CTRL_AEAD_TLS1_AAD:
         {
             unsigned char *p = ptr;
-            unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len;
 
             if (arg != EVP_AEAD_TLS1_AAD_LEN)
                 return -1;
 
+            len = p[arg - 2] << 8 | p[arg - 1];
+
             if (ctx->encrypt) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-03-24 13:09:43 +0100
committer	Andy Polyakov <appro@openssl.org>	2017-03-25 11:17:38 +0100
commit	e704d91d273164074b21de348e86ace3e074419e (patch)
tree	d5e468a0d0403126a15a8a67e2f3f9a32167669c /crypto
parent	f49cf4afa0e408c527da08d076fec1159c3620d9 (diff)