check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD

        {

            unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];

            /* Correct length for explicit IV */

            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)

                return 0;

            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;

            /* If decrypting correct for tag too */

            if (!c->encrypt)

            if (!c->encrypt) {

                if (len < EVP_GCM_TLS_TAG_LEN)

                    return 0;

                len -= EVP_GCM_TLS_TAG_LEN;

            }

            c->buf[arg - 2] = len >> 8;

            c->buf[arg - 1] = len & 0xff;

        }

                key->payload_length = len;

                if ((key->aux.tls_ver =

                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {

                    if (len < AES_BLOCK_SIZE)

                        return 0;

                    len -= AES_BLOCK_SIZE;

                    p[arg - 2] = len >> 8;

                    p[arg - 1] = len;

                key->payload_length = len;

                if ((key->aux.tls_ver =

                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {

                    if (len < AES_BLOCK_SIZE)

                        return 0;

                    len -= AES_BLOCK_SIZE;

                    p[arg - 2] = len >> 8;

                    p[arg - 1] = len;