check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3289)
This commit is contained in:
parent
8af91fd9d0
commit
a68d35057b
3 changed files with 6 additions and 0 deletions
|
@ -809,6 +809,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||||
key->payload_length = len;
|
key->payload_length = len;
|
||||||
if ((key->aux.tls_ver =
|
if ((key->aux.tls_ver =
|
||||||
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
||||||
|
if (len < AES_BLOCK_SIZE)
|
||||||
|
return 0;
|
||||||
len -= AES_BLOCK_SIZE;
|
len -= AES_BLOCK_SIZE;
|
||||||
p[arg - 2] = len >> 8;
|
p[arg - 2] = len >> 8;
|
||||||
p[arg - 1] = len;
|
p[arg - 1] = len;
|
||||||
|
|
|
@ -788,6 +788,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||||
key->payload_length = len;
|
key->payload_length = len;
|
||||||
if ((key->aux.tls_ver =
|
if ((key->aux.tls_ver =
|
||||||
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
||||||
|
if (len < AES_BLOCK_SIZE)
|
||||||
|
return 0;
|
||||||
len -= AES_BLOCK_SIZE;
|
len -= AES_BLOCK_SIZE;
|
||||||
p[arg - 2] = len >> 8;
|
p[arg - 2] = len >> 8;
|
||||||
p[arg - 1] = len;
|
p[arg - 1] = len;
|
||||||
|
|
|
@ -606,6 +606,8 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||||
|
|
||||||
if (pipe_ctx->enc) {
|
if (pipe_ctx->enc) {
|
||||||
if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
|
||||||
|
if (len < AES_BLOCK_SIZE)
|
||||||
|
return 0;
|
||||||
len -= AES_BLOCK_SIZE;
|
len -= AES_BLOCK_SIZE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue