From a98870414773baa9e8983d98ce61ad46d60c00ff Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 18 Jul 2024 10:21:04 +0200
Subject: [PATCH] tls13_meth.c: Check for negative return from EVP_CIPHER_CTX_get_iv_length()

Fixes Coverity 1598052

Reviewed-by: Paul Dale
Reviewed-by: Tom Cosgrove
Reviewed-by: Todd Short
(Merged from https://github.com/openssl/openssl/pull/24929)
---
 ssl/record/methods/tls13_meth.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index 706a0b8623f..dc21bdd5d29 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -128,10 +128,18 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
     }
 
     /* For integrity-only ciphers, nonce_len is same as MAC size */
-    if (rl->mac_ctx != NULL)
+    if (rl->mac_ctx != NULL) {
         nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);
-    else
-        nonce_len = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+    } else {
+        int ivlen = EVP_CIPHER_CTX_get_iv_length(enc_ctx);
+
+        if (ivlen < 0) {
+            /* Should not happen */
+            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        nonce_len = (size_t)ivlen;
+    }
 
     if (!sending) {
         /*
-- 
2.47.2
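Review bot: The new negative-return check covers only the cipher branch; the integrity-only branch still assigns `nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);` with no check, and as far as I recall that call returns a size_t with 0 signalling failure, so a failed query there would silently leave nonce_len == 0 for the nonce construction that follows. For consistency with the added `ivlen < 0` handling I would reject that case the same way: `nonce_len = EVP_MAC_CTX_get_mac_size(rl->mac_ctx); if (nonce_len == 0) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; }`. Note also that a zero (non-negative) result from EVP_CIPHER_CTX_get_iv_length() for a cipher without an IV passes the new check and likewise yields nonce_len == 0; whether such a cipher can reach this point depends on how enc_ctx was set up, which is outside the hunk, so a `/* Should not happen */`-style guard for `ivlen == 0` may be worth adding if that is not already excluded upstream. tls13_cipher() begins before and continues after this hunk.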