This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.
Thanks to Fedor Indutny for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5417)
EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx;
+ /* Need at least keyname + iv */
+ if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+ return 2;
+
/* Initialize session ticket encryption and HMAC contexts */
HMAC_CTX_init(&hctx);
EVP_CIPHER_CTX_init(&ctx);