From 1b6f5a4d3b8cdb02e0bba6878a2b70c850522440 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Fri, 24 Mar 2017 09:03:54 +0100 Subject: [PATCH] Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3023) --- crypto/evp/e_aes_cbc_hmac_sha256.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 4830c00648..bef603a3a5 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -777,11 +777,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; + len = p[arg - 2] << 8 | p[arg - 1]; + if (EVP_CIPHER_CTX_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = -- 2.25.1