hmac: fix coverity 1484888 negative integer to size_t conversion

More theoretical than real but easy and cheap to check for. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15300)
author: Pauli <pauli@openssl.org> 2021-05-17 09:45:33 +1000
committer: Pauli <pauli@openssl.org> 2021-05-18 13:24:41 +1000
commit: 678d0dba6cdcae7dd742d4d0d65da101e9ada1d2 (patch)
tree: c51f4de7a8c4a8b84ecb577164a05b3e24ee023a
parent: 84c5ad23e13a95d962fe52a5aeb23c0c525f0166 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 6d142f2cbb..f800cb8f89 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -221,10 +221,13 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
                     unsigned char *md, unsigned int *md_len)
 {
     static unsigned char static_md[EVP_MAX_MD_SIZE];
+    int size = EVP_MD_size(evp_md);
 
+    if (size < 0)
+        return NULL;
     return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_name(evp_md), NULL,
                      key, key_len, data, data_len,
-                     md == NULL ? static_md : md, EVP_MD_size(evp_md), md_len);
+                     md == NULL ? static_md : md, size, md_len);
 }
 
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
author	Pauli <pauli@openssl.org>	2021-05-17 09:45:33 +1000
committer	Pauli <pauli@openssl.org>	2021-05-18 13:24:41 +1000
commit	678d0dba6cdcae7dd742d4d0d65da101e9ada1d2 (patch)
tree	c51f4de7a8c4a8b84ecb577164a05b3e24ee023a
parent	84c5ad23e13a95d962fe52a5aeb23c0c525f0166 (diff)