From: Tomas Mraz
Date: Thu, 18 Jul 2024 08:21:04 +0000 (+0200)
Subject: tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()
X-Git-Tag: openssl-3.4.0-alpha1~307
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a98870414773baa9e8983d98ce61ad46d60c00ff;p=thirdparty%2Fopenssl.git
tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()
Fixes Coverity 1598052
Reviewed-by: Paul Dale
Reviewed-by: Tom Cosgrove
Reviewed-by: Todd Short
(Merged from https://github.com/openssl/openssl/pull/24929)
---
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index 706a0b8623f..dc21bdd5d29 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -128,10 +128,18 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
 }
 
 /* For integrity-only ciphers, nonce_len is same as MAC size */
- if (rl->mac_ctx != NULL)
+ if (rl->mac_ctx != NULL) {
 nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);
- else
- nonce_len = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+ } else {
+ int ivlen = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+
+ if (ivlen < 0) {
+ /* Should not happen */
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ nonce_len = (size_t)ivlen;
+ }
 
 if (!sending) {
 /*
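Review bot: The integrity-only branch still assigns `nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);` with no failure check, while the cipher branch beside it now rejects a negative IV length. EVP_MAC_CTX_get_mac_size() reports failure by returning 0, so a zero nonce_len can still leave this block. If the code after the hunk does not already reject a too-short nonce_len (the rest of tls13_cipher is outside the hunk, so this is unverified), add the same guard to the MAC branch: `if (nonce_len == 0) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; }`. The `/* Should not happen */` comment would also serve a maintainer better if it named the condition, for example `/* negative means enc_ctx has no usable cipher; casting it to size_t would give a huge nonce_len */`.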