check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD

[openssl.git] / engines / e_dasync.c

diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 89b12775b1c4896401fe4eacddfb69a8a1724c60..4e3e9369fc6367e75cd7a5c4b398bc8c8e299aa1 100644 (file)
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -606,6 +606,8 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             if (pipe_ctx->enc) {
                 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
                     len -= AES_BLOCK_SIZE;
                 }