evp: fix coverity 1473631: argument cannot be negative

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14620)
author: Pauli <ppzgs1@gmail.com> 2021-03-19 14:50:43 +1000
committer: Pauli <pauli@openssl.org> 2021-04-08 08:49:27 +1000
commit: c12bf35026af94a73402eaf13f2428a9af30f1c0 (patch)
tree: 3f0c216e0edc86619e0be03b331dcb752fd7a9a6
parent: 3bbc7b562abf4ca3221d8762fe3f749024936281 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 64759311c0..2e4a3227a1 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -78,6 +78,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
                                     const unsigned char *iv, int enc,
                                     const OSSL_PARAM params[])
 {
+    int n;
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     ENGINE *tmpimpl = NULL;
 #endif
@@ -336,9 +337,9 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
             /* fall-through */
 
         case EVP_CIPH_CBC_MODE:
-
-            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
-                           (int)sizeof(ctx->iv));
+            n = EVP_CIPHER_CTX_iv_length(ctx);
+            if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
+                    return 0;
             if (iv)
                 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
             memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
author	Pauli <ppzgs1@gmail.com>	2021-03-19 14:50:43 +1000
committer	Pauli <pauli@openssl.org>	2021-04-08 08:49:27 +1000
commit	c12bf35026af94a73402eaf13f2428a9af30f1c0 (patch)
tree	3f0c216e0edc86619e0be03b331dcb752fd7a9a6
parent	3bbc7b562abf4ca3221d8762fe3f749024936281 (diff)