QUIC QRX: Handle negative IV length values correctly (coverity)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
Hugo Landau 2023-07-27 16:05:18 +01:00
parent 3887546dcf
commit b538ae4fbf


@ -685,9 +685,9 @@ static int qrx_decrypt_pkt_body(OSSL_QRX *qrx, unsigned char *dst,
unsigned char key_phase_bit,
uint64_t *rx_key_epoch)
{
int l = 0, l2 = 0, is_old_key;
int l = 0, l2 = 0, is_old_key, nonce_len;
unsigned char nonce[EVP_MAX_IV_LENGTH];
size_t nonce_len, i, cctx_idx;
size_t i, cctx_idx;
OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(&qrx->el_set,
enc_level, 1);
EVP_CIPHER_CTX *cctx;
@ -731,7 +731,7 @@ static int qrx_decrypt_pkt_body(OSSL_QRX *qrx, unsigned char *dst,
/* Construct nonce (nonce=IV ^ PN). */
nonce_len = EVP_CIPHER_CTX_get_iv_length(cctx);
if (!ossl_assert(nonce_len >= sizeof(QUIC_PN)))
if (!ossl_assert(nonce_len >= (int)sizeof(QUIC_PN)))
return 0;
memcpy(nonce, el->iv[cctx_idx], nonce_len);
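Review bot: The `memcpy(nonce, el->iv[cctx_idx], nonce_len)` at the end of the second hunk is still guarded only by a lower bound, so nothing visible here stops a returned IV length larger than `nonce[EVP_MAX_IV_LENGTH]` from overrunning the stack buffer. The new `(int)` cast correctly rejects a negative return from `EVP_CIPHER_CTX_get_iv_length()`, and the same assertion could bound both ends: `if (!ossl_assert(nonce_len >= (int)sizeof(QUIC_PN) && nonce_len <= (int)sizeof(nonce)))`. The declared size of `el->iv[cctx_idx]` is not shown on this page, so the source side of the copy should be confirmed against the same limit. This is likely defence in depth, since the cipher context is presumably configured internally, and the body of `qrx_decrypt_pkt_body` continues outside the hunk.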