Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
const unsigned char *iv, int enc,
const OSSL_PARAM params[])
{
+ int n;
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
/* fall-through */
case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
+ n = EVP_CIPHER_CTX_iv_length(ctx);
+ if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
+ return 0;
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));