From 0ddde712794c8b51f688e2ffacdbd6e06058820b Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Wed, 15 Apr 2026 17:07:22 -0500
Subject: [PATCH] Fix from review
---
 src/internal.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 92181d2bcf..5d4bae5f57 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2063,7 +2063,11 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
 }
 if (ret == 0) {
- rc = ImportCipherSpecState(ssl, buf + idx, length, version, type);
+ /* Pass remaining buffer size rather than the stored spec length:
+ * when TLS+AES is active, ExportCipherSpecState writes 2*AES_BLOCK_SIZE
+ * of extra state immediately after the 16-byte cipher-spec block, and
+ * the on-wire length prefix does not cover those bytes. */
+ rc = ImportCipherSpecState(ssl, buf + idx, sz - idx, version, type);
 if (rc < 0) {
 WOLFSSL_MSG("Import CipherSpecs struct error");
 ret = rc;
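Review bot: The new length argument `sz - idx` on the ImportCipherSpecState call is computed with no visible guard that `idx <= sz`. If both are unsigned (the signature is cut off in the hunk header, so this is inferred), a truncated session blob makes the subtraction wrap and hands the callee a near-maximal bound over externally supplied import data. Because the stored `length` prefix no longer limits the read, keep it as a sanity check before the call, e.g. `if (idx > sz || length > sz - idx) ret = BUFFER_E;`, unless the preceding block outside the hunk already does this. Also confirm that ImportCipherSpecState itself rejects a remaining size too small for the cipher-spec block plus the optional AES state. The body of wolfSSL_session_import_internal starts and ends outside this hunk.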