From 59419bef8973829a764054ce460e2aae4eac3d3b Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Wed, 26 Dec 2012 10:11:15 -0800
Subject: [PATCH] non block type ciphertext sanity checks

---
 src/internal.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index e70e90ce6..cd09f3ed8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3046,6 +3046,15 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
         minLength = ssl->specs.hash_size + 1;  /* pad byte */
         if (ssl->specs.block_size > minLength)
             minLength = ssl->specs.block_size;
+
+        if (ssl->options.tls1_1)
+            minLength += ssl->specs.block_size;  /* explicit IV */
+    }
+    else if (ssl->specs.cipher_type == stream) {
+        minLength = ssl->specs.hash_size;
+    }
+    else if (ssl->specs.cipher_type == aead) {
+        minLength = ssl->specs.block_size;   /* actual min? */
     }
 
     if (encryptSz < minLength) {