CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2019/04/03 09:33:37
Modified files: lib/libcrypto/evp: e_aes_cbc_hmac_sha1.c Log message: Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher(). The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing