Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck

1 files changed, 6 insertions, 2 deletions

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 3d357f0119..eb7f520282 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.54 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.55 2023/11/18 09:37:15 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -2460,7 +2460,11 @@ aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         }
 
         if (iv != NULL) {
-                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                int iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+
+                if (iv_len < 0 || iv_len > sizeof(ctx->iv))
+                        return 0;
+                memcpy(ctx->iv, iv, iv_len);
                 wctx->iv = ctx->iv;
         }