Check that IV length is not less than zero

[thirdparty/openssl.git] / ssl / statem / statem_srvr.c

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 87813633e87d9f4469451f782efc0c82f1d05983..db6d40682c0363e18e90073f4afe536e875b7d76 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3809,6 +3809,10 @@ static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
             goto err;
         }
         iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
+        if (iv_len < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
     } else {
         EVP_CIPHER *cipher = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC",
                                               sctx->propq);