diff options
| author | Matt Caswell <matt@openssl.org> | 2015-04-27 12:07:06 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-05-01 00:12:39 +0200 |
| commit | c8269881093324b881b81472be037055571f73f3 (patch) | |
| tree | c427132f22ce43de444522428b0c1fe6c193402d /apps | |
| parent | Sanity check DES_enc_write buffer length (diff) | |
| download | openssl-c8269881093324b881b81472be037055571f73f3.tar.xz openssl-c8269881093324b881b81472be037055571f73f3.zip | |
Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/speed.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/speed.c b/apps/speed.c index 720ab1cc21..08ab9c5fa6 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2456,7 +2456,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) print_message(alg_name, 0, mblengths[j]); Time_F(START); for (count = 0, run = 1; run && count < 0x7fffffff; count++) { - unsigned char aad[13]; + unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; @@ -2491,7 +2491,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, - EVP_CTRL_AEAD_TLS1_AAD, 13, aad); + EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); } } |