Coverity CID 1444961: Integer handling issues

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
author: Pauli <paul.dale@oracle.com> 2019-05-07 10:26:32 +1000
committer: Pauli <paul.dale@oracle.com> 2019-05-08 09:52:58 +1000
commit: ea053ec99e985a3d76762bc54ccce23e12d08999 (patch)
tree: 20e1733587336dc0c1044ba1decbf9bea51109ae /crypto/evp/p5_crpt2.c
parent: 4894dcad6282985a96f5b3b560019c21c2bb3a6b (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index ac5b974e54..c231a32c05 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -134,7 +134,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              const EVP_CIPHER *c, const EVP_MD *md, int en_de)
 {
     unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-    int saltlen, iter;
+    int saltlen, iter, t;
     int rv = 0;
     unsigned int keylen = 0;
     int prf_nid, hmac_md_nid;
@@ -157,7 +157,12 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
         goto err;
     }
 
-    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    t = EVP_CIPHER_CTX_key_length(ctx);
+    if (t < 0) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+        goto err;
+    }
+    keylen = t;
 
     /* Now check the parameters of the kdf */
author	Pauli <paul.dale@oracle.com>	2019-05-07 10:26:32 +1000
committer	Pauli <paul.dale@oracle.com>	2019-05-08 09:52:58 +1000
commit	ea053ec99e985a3d76762bc54ccce23e12d08999 (patch)
tree	20e1733587336dc0c1044ba1decbf9bea51109ae /crypto/evp/p5_crpt2.c
parent	4894dcad6282985a96f5b3b560019c21c2bb3a6b (diff)