Sanity check EVP_CTRL_AEAD_TLS_AAD

The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at least 13 bytes long. Add sanity checks to ensure that the length is at least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-27 11:07:06 +0100
committer: Matt Caswell <matt@openssl.org> 2015-04-30 23:12:39 +0100
commit: c8269881093324b881b81472be037055571f73f3 (patch)
tree: c427132f22ce43de444522428b0c1fe6c193402d /include
parent: 873fb39f20b6763daba226b74e83fb194924c7bf (diff)
download: openssl-c8269881093324b881b81472be037055571f73f3.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0d26fd3129..4df3ce72c1 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -426,6 +426,9 @@ struct evp_cipher_st {
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
 
+/* RFC 5246 defines additional data to be 13 bytes in length */
+# define         EVP_AEAD_TLS1_AAD_LEN           13
+
 typedef struct {
     unsigned char *out;
     const unsigned char *inp;
author	Matt Caswell <matt@openssl.org>	2015-04-27 11:07:06 +0100
committer	Matt Caswell <matt@openssl.org>	2015-04-30 23:12:39 +0100
commit	c8269881093324b881b81472be037055571f73f3 (patch)
tree	c427132f22ce43de444522428b0c1fe6c193402d /include
parent	873fb39f20b6763daba226b74e83fb194924c7bf (diff)
download	openssl-c8269881093324b881b81472be037055571f73f3.tar.gz