Fix from review

This commit is contained in:
Eric Blankenhorn
2026-04-15 17:07:22 -05:00
parent c429a41121
commit 0ddde71279
+5 -1
View File
@@ -2063,7 +2063,11 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
}
if (ret == 0) {
rc = ImportCipherSpecState(ssl, buf + idx, length, version, type);
/* Pass remaining buffer size rather than the stored spec length:
* when TLS+AES is active, ExportCipherSpecState writes 2*AES_BLOCK_SIZE
* of extra state immediately after the 16-byte cipher-spec block, and
* the on-wire length prefix does not cover those bytes. */
rc = ImportCipherSpecState(ssl, buf + idx, sz - idx, version, type);
if (rc < 0) {
WOLFSSL_MSG("Import CipherSpecs struct error");
ret = rc;