diff options
-rw-r--r-- | mysys_ssl/my_crypt.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 49bd9af3f60..5411a908bf8 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -168,6 +168,9 @@ public: */ if (!ctx.encrypt) { + /* encrypted string must contain authenticaton tag (see MDEV-11174) */ + if (slen < MY_AES_BLOCK_SIZE) + return MY_AES_BAD_DATA; slen-= MY_AES_BLOCK_SIZE; if(!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, MY_AES_BLOCK_SIZE, (void*)(src + slen))) |