[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Andy Polyakov
appro at openssl.org
Sat Mar 25 10:14:16 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 2ba62f06496f809814ab7fd4028887216387d65b (commit)
from 943a3ccb968f3544be4b03099ab04a400b758f11 (commit)
- Log -----------------------------------------------------------------
commit 2ba62f06496f809814ab7fd4028887216387d65b
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Fri Mar 24 09:03:54 2017 +0100
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)
(cherry picked from commit 1b6f5a4d3b8cdb02e0bba6878a2b70c850522440)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/e_aes_cbc_hmac_sha256.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 5a92e0b..93b88a0 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -777,11 +777,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
case EVP_CTRL_AEAD_TLS1_AAD:
{
unsigned char *p = ptr;
- unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+ unsigned int len;
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
+ len = p[arg - 2] << 8 | p[arg - 1];
+
if (EVP_CIPHER_CTX_encrypting(ctx)) {
key->payload_length = len;
if ((key->aux.tls_ver =
More information about the openssl-commits
mailing list