Fix missing EVP_CIPHER_get_iv_length() guard in PKCS5_pbe2_set_scrypt
authorWeidong Wang <kenazcharisma@gmail.com>
Sat, 21 Mar 2026 15:41:49 +0000 (10:41 -0500)
committerTomas Mraz <tomas@openssl.foundation>
Fri, 27 Mar 2026 16:14:16 +0000 (17:14 +0100)
Store the return value of EVP_CIPHER_get_iv_length() in a local variable
and guard with (ivlen > 0) before passing to memcpy/RAND_bytes, matching
the pattern already used in p5_pbev2.c. Without this, a negative return
value (-1) is implicitly converted to SIZE_MAX when cast to size_t,
causing a stack buffer overflow on iv[EVP_MAX_IV_LENGTH].

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Mar 27 16:14:09 2026
(Merged from https://github.com/openssl/openssl/pull/30510)

(cherry picked from commit 3e903838e341e9fc884c4d87e4a295d4a722414b)

crypto/asn1/p5_scrypt.c

index e52e124bebd6a5a74576e7f808662547daa06959..64980a1a684956d431b595d96a0fbd6eab0b7522 100644 (file)
@@ -46,7 +46,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
     uint64_t p)
 {
     X509_ALGOR *scheme = NULL, *ret = NULL;
-    int alg_nid;
+    int alg_nid, ivlen;
     size_t keylen = 0;
     EVP_CIPHER_CTX *ctx = NULL;
     unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -85,10 +85,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
     }
 
     /* Create random IV */
-    if (EVP_CIPHER_get_iv_length(cipher)) {
+    ivlen = EVP_CIPHER_get_iv_length(cipher);
+    if (ivlen > 0) {
         if (aiv)
-            memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
-        else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
+            memcpy(iv, aiv, ivlen);
+        else if (RAND_bytes(iv, ivlen) <= 0)
             goto err;
     }
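Review bot: The new `ivlen > 0` guard in front of `memcpy(iv, aiv, ivlen)` and `RAND_bytes(iv, ivlen)` rejects only the negative case; nothing bounds `ivlen` by the size of `iv[EVP_MAX_IV_LENGTH]`, so a cipher implementation that reports a larger IV length (for example one supplied by a provider) would presumably still write past the stack buffer. Adding `if (ivlen < 0 || (size_t)ivlen > sizeof(iv)) goto err;` right after the `EVP_CIPHER_get_iv_length()` call would cover both ends. It would also make the -1 error return fail the call instead of being handled like "cipher has no IV" and continuing with `iv` uninitialised. The `aiv` branch additionally relies on the caller's buffer holding at least `ivlen` bytes, which deserves a comment such as `/* aiv must point to at least ivlen bytes */`. The body of PKCS5_pbe2_set_scrypt continues outside this hunk, so whether later code already rejects such a cipher is not visible here.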