From 0341ff9774283b85179bc07c0cfc80d6e547771e Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 7 Jun 2021 09:36:04 +1000
Subject: evp: fix coverity 1485666 argument cannot be negative

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)
---
 crypto/evp/e_aes.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e43076752f..6d5506056e 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -3555,21 +3555,25 @@ typedef struct {
 static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
+    int len;
     EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
-    if (!iv && !key)
+
+    if (iv == NULL && key == NULL)
         return 1;
-    if (key) {
+    if (key != NULL) {
         if (EVP_CIPHER_CTX_is_encrypting(ctx))
             AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &wctx->ks.ks);
         else
             AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &wctx->ks.ks);
-        if (!iv)
+        if (iv == NULL)
             wctx->iv = NULL;
     }
-    if (iv) {
-        memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx));
+    if (iv != NULL) {
+        if ((len = EVP_CIPHER_CTX_get_iv_length(ctx)) < 0)
+            return 0;
+        memcpy(ctx->iv, iv, len);
         wctx->iv = ctx->iv;
     }
     return 1;
-- 
cgit v1.2.3