From 56b1ac2f69545fba640c89f3291fad9f550157df Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 18 Nov 2023 10:51:09 +0000
Subject: [PATCH] Check for negative EVP_CIPHER_CTX_iv_length() return in
 libssl

ok beck
---
 lib/libssl/ssl_srvr.c |  8 +++++---
 lib/libssl/t1_lib.c   | 14 ++++++++------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index a518e1ac919..a571549b647 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.156 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2343,7 +2343,7 @@ ssl3_send_newsession_ticket(SSL *s)
 	unsigned int hlen;
 	EVP_CIPHER_CTX *ctx = NULL;
 	HMAC_CTX *hctx = NULL;
-	int len;
+	int iv_len, len;
 
 	/*
 	 * New Session Ticket - RFC 5077, section 3.3.
@@ -2426,7 +2426,9 @@ ssl3_send_newsession_ticket(SSL *s)
 			goto err;
 		if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name)))
 			goto err;
-		if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx)))
+		if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
+			goto err;
+		if (!CBB_add_bytes(&ticket, iv, iv_len))
 			goto err;
 		if (!CBB_add_bytes(&ticket, enc_session, enc_session_len))
 			goto err;
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 85d5eaa633e..9680c8d2131 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.197 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.198 2023/11/18 10:51:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -987,7 +987,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 	HMAC_CTX *hctx = NULL;
 	EVP_CIPHER_CTX *cctx = NULL;
 	SSL_CTX *tctx = s->initial_ctx;
-	int slen, hlen;
+	int slen, hlen, iv_len;
 	int alert_desc = SSL_AD_INTERNAL_ERROR;
 	int ret = TLS1_TICKET_FATAL_ERROR;
 
@@ -1027,12 +1027,13 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 			s->tlsext_ticket_expected = 1;
 		}
 
+		if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0)
+			goto err;
 		/*
 		 * Now that the cipher context is initialised, we can extract
 		 * the IV since its length is known.
 		 */
-		if (!CBS_get_bytes(ticket, &ticket_iv,
-		    EVP_CIPHER_CTX_iv_length(cctx)))
+		if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
 			goto derr;
 	} else {
 		/* Check that the key name matches. */
@@ -1040,8 +1041,9 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 		    tctx->tlsext_tick_key_name,
 		    sizeof(tctx->tlsext_tick_key_name)))
 			goto derr;
-		if (!CBS_get_bytes(ticket, &ticket_iv,
-		    EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
+		if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0)
+			goto err;
+		if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
 			goto derr;
 		if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
 		    tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
-- 
2.20.1