diff --git a/src/internal.c b/src/internal.c
index 92181d2bcf..5d4bae5f57 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2063,7 +2063,11 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
 }
 if (ret == 0) {
- rc = ImportCipherSpecState(ssl, buf + idx, length, version, type);
+ /* Pass remaining buffer size rather than the stored spec length:
+ * when TLS+AES is active, ExportCipherSpecState writes 2*AES_BLOCK_SIZE
+ * of extra state immediately after the 16-byte cipher-spec block, and
+ * the on-wire length prefix does not cover those bytes. */
+ rc = ImportCipherSpecState(ssl, buf + idx, sz - idx, version, type);
 if (rc < 0) {
 WOLFSSL_MSG("Import CipherSpecs struct error");
 ret = rc;
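Review bot: The new bound `sz - idx` is computed with no visible check that `idx <= sz`. If both are unsigned (their declarations are outside the hunk) and no earlier check guarantees it, the subtraction wraps and ImportCipherSpecState is handed a near-maximal length for an untrusted import buffer. A guard ahead of this block, such as `if (ret == 0 && idx > sz) ret = BUFFER_E;`, would make the bound explicit. Because `length` no longer limits the callee, it is also worth confirming that the on-wire prefix is still validated against the expected spec size, and that ImportCipherSpecState checks the remaining size before copying the extra 2*AES_BLOCK_SIZE of AES state; neither is visible here. wolfSSL_session_import_internal starts and ends outside the hunk.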