Merge pull request #9943 from philljj/fix_evp_set_iv_length

JacobBarthelmeh · web-flow · commit 80ba723e1623 · 2026-03-12T14:47:32.000-06:00
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
@@ -8449,10 +8449,15 @@ void wolfSSL_EVP_init(void)
                                              int ivLen)
     {
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length");
-        if (ctx)
-            ctx->ivSz= ivLen;
-        else
+        if (ctx == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (ivLen < 0 || ivLen > (int) sizeof(ctx->iv)) {
             return WOLFSSL_FAILURE;
+        }
+
+        ctx->ivSz = ivLen;
 
         return WOLFSSL_SUCCESS;
     }
