evp: fix coverity 1473631: argument cannot be negative

author Pauli <ppzgs1@gmail.com>

Fri, 19 Mar 2021 04:50:43 +0000 (14:50 +1000)

committer Pauli <pauli@openssl.org>

Wed, 7 Apr 2021 22:49:27 +0000 (08:49 +1000)
author Pauli <ppzgs1@gmail.com>
Fri, 19 Mar 2021 04:50:43 +0000 (14:50 +1000)
committer Pauli <pauli@openssl.org>
Wed, 7 Apr 2021 22:49:27 +0000 (08:49 +1000)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c

index 64759311c08396f8202beb118ebcc96368f516be..2e4a3227a10d3af7a99a832d19b1d41dcf1a6a17 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -78,6 +78,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
                                      const unsigned char *iv, int enc,
                                      const OSSL_PARAM params[])
  {
+    int n;
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      ENGINE *tmpimpl = NULL;
  #endif
@@ -336,9 +337,9 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
              /* fall-through */
  
          case EVP_CIPH_CBC_MODE:
-
-            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
-                           (int)sizeof(ctx->iv));
+            n = EVP_CIPHER_CTX_iv_length(ctx);
+            if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
+                    return 0;
              if (iv)
                  memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
              memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
author	Pauli <ppzgs1@gmail.com>
	Fri, 19 Mar 2021 04:50:43 +0000 (14:50 +1000)
committer	Pauli <pauli@openssl.org>
	Wed, 7 Apr 2021 22:49:27 +0000 (08:49 +1000)