From: Pauli
Date: Fri, 19 Mar 2021 04:50:43 +0000 (+1000)
Subject: evp: fix coverity 1473631: argument cannot be negative
X-Git-Tag: openssl-3.0.0-alpha14~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c12bf35026af94a73402eaf13f2428a9af30f1c0;p=thirdparty%2Fopenssl.git

evp: fix coverity 1473631: argument cannot be negative

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/14620)
---

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 64759311c08..2e4a3227a10 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -78,6 +78,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
 const unsigned char *iv, int enc,
 const OSSL_PARAM params[])
 {
+ int n;
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
 ENGINE *tmpimpl = NULL;
 #endif
@@ -336,9 +337,9 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
 /* fall-through */
 
 case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
+ n = EVP_CIPHER_CTX_iv_length(ctx);
+ if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
+ return 0;
 if (iv)
 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
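Review bot: The range check in the `EVP_CIPH_CBC_MODE` case validates `n`, but the two `memcpy` calls right after it still take their length from fresh calls to `EVP_CIPHER_CTX_iv_length(ctx)`, so the value that was checked is not the value that is used. If that function can return a negative or a different value on a later call (the commit title implies a negative result is possible), the length converts to a very large `size_t` and the copies run past `ctx->oiv` and `ctx->iv`. Use the checked value instead: `memcpy(ctx->oiv, iv, n);` and `memcpy(ctx->iv, ctx->oiv, n);`. The new `return 0` also queues no error in the visible lines, so a caller sees a bare failure with no reason attached. The rest of `evp_cipher_init_internal` lies outside the hunk.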