CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflowthe output length argument in some cases where the input length is close to themaximum permissable length for an integer on the platform. In such cases thereturn value from the function call will be 1 (indicating success), but theoutput length value will be negative. This could cause applications to behaveincorrectly or crash.