tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()
authorTomas Mraz <tomas@openssl.org>
Thu, 18 Jul 2024 08:21:04 +0000 (10:21 +0200)
committerTodd Short <todd.short@me.com>
Sun, 21 Jul 2024 16:00:20 +0000 (12:00 -0400)
Fixes Coverity 1598052

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24929)

ssl/record/methods/tls13_meth.c

index 706a0b8623fdf09de160eca843704bbcf6489223..dc21bdd5d293af55fc83d966e3dcc07986e232b5 100644 (file)
@@ -128,10 +128,18 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
     }
 
     /* For integrity-only ciphers, nonce_len is same as MAC size */
-    if (rl->mac_ctx != NULL)
+    if (rl->mac_ctx != NULL) {
         nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);
-    else
-        nonce_len = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+    } else {
+        int ivlen = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+
+        if (ivlen < 0) {
+            /* Should not happen */
+            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        nonce_len = (size_t)ivlen;
+    }
 
     if (!sending) {
         /*
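Review bot: The MAC branch still assigns the result of `EVP_MAC_CTX_get_mac_size(rl->mac_ctx)` to `nonce_len` unchecked, so only the cipher path gets the new failure handling. That function returns a `size_t` and signals failure with 0, and an `ivlen` of 0 also passes the added `ivlen < 0` test, so either branch can leave `nonce_len` at 0 before the nonce is built. One guard placed after the if/else would cover both branches: `if (nonce_len == 0) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; }`. tls13_cipher continues past the end of this hunk, so a lower-bound check on `nonce_len` may already exist further down; if it does, a short comment here naming it would show the asymmetry is intentional.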