evp: fix coverity 1473631: argument cannot be negative

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
This commit is contained in:
Pauli 2021-03-19 14:50:43 +10:00 committed by Pauli
parent 3bbc7b562a
commit c12bf35026

View File

@ -78,6 +78,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, int enc,
const OSSL_PARAM params[])
{
int n;
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
@ -336,9 +337,9 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
/* fall-through */
case EVP_CIPH_CBC_MODE:
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
(int)sizeof(ctx->iv));
n = EVP_CIPHER_CTX_iv_length(ctx);
if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
return 0;
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));