git.ipfire.org Git - thirdparty/openssl.git/commit
Fix missing EVP_CIPHER_get_iv_length() guard in PKCS5_pbe2_set_scrypt
author Weidong Wang <kenazcharisma@gmail.com>
Sat, 21 Mar 2026 15:41:49 +0000 (10:41 -0500)
committer Tomas Mraz <tomas@openssl.foundation>
Fri, 27 Mar 2026 16:14:16 +0000 (17:14 +0100)
commit b3a1adf8dbe3ed6ac2f405960c9ecc755ac6ca36
tree f1ce8a5199895505df31e18ff3b56b922cfda993
parent 103e9effec9fb5bbadbe72b1a266aaa8f9c36ad1
Fix missing EVP_CIPHER_get_iv_length() guard in PKCS5_pbe2_set_scrypt

Store the return value of EVP_CIPHER_get_iv_length() in a local variable
and guard with (ivlen > 0) before passing to memcpy/RAND_bytes, matching
the pattern already used in p5_pbev2.c. Without this, a negative return
value (-1) is implicitly converted to SIZE_MAX when cast to size_t,
causing a stack buffer overflow on iv[EVP_MAX_IV_LENGTH].

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Mar 27 16:14:09 2026
(Merged from https://github.com/openssl/openssl/pull/30510)

(cherry picked from commit 3e903838e341e9fc884c4d87e4a295d4a722414b)
crypto/asn1/p5_scrypt.c
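
The conversion described in the commit message, as an added C example that is not OpenSSL's code: a negative `int` length becomes `SIZE_MAX` once it reaches a `size_t` parameter, and keeping the value in an `int` with an `(ivlen > 0)` guard avoids the copy. The `demo_*` functions, `struct demo_cipher` and `DEMO_MAX_IV_LENGTH` are hypothetical stand-ins, and the upper-bound check is an extra this example adds beyond what the commit message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_IV_LENGTH 16 /* stand-in for EVP_MAX_IV_LENGTH (value assumed) */

/* Hypothetical cipher descriptor; iv_len == -1 models the error return. */
struct demo_cipher { int iv_len; };

/* Stand-in for EVP_CIPHER_get_iv_length(): an int that can be negative. */
static int demo_get_iv_length(const struct demo_cipher *c) { return c->iv_len; }

/* Stand-in for RAND_bytes(): fixed pattern keeps the demo deterministic. */
static int demo_rand_bytes(unsigned char *buf, size_t n) { memset(buf, 0xA5, n); return 1; }

/* Length the unguarded call site hands to memcpy(): int converted to size_t. */
size_t unguarded_length(const struct demo_cipher *c)
{
    return (size_t)demo_get_iv_length(c);
}

/* Guarded form: returns IV bytes written, 0 if skipped, -1 on failure. */
int guarded_set_iv(const struct demo_cipher *c, const unsigned char *aiv,
                   unsigned char iv[DEMO_MAX_IV_LENGTH])
{
    int ivlen = demo_get_iv_length(c);

    if (ivlen <= 0)
        return 0;                      /* the (ivlen > 0) guard from the commit */
    if (ivlen > DEMO_MAX_IV_LENGTH)
        return -1;                     /* extra bound check added by this example */
    if (aiv != NULL)
        memcpy(iv, aiv, (size_t)ivlen);
    else if (demo_rand_bytes(iv, (size_t)ivlen) <= 0)
        return -1;
    return ivlen;
}

int main(void)
{
    struct demo_cipher bad = { -1 };
    unsigned char iv[DEMO_MAX_IV_LENGTH] = { 0 };
    printf("unguarded length: %zu, guarded result: %d\n",
           unguarded_length(&bad), guarded_set_iv(&bad, NULL, iv));
    return 0;
}
```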