Coverity 1513478: negative return

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19126) (cherry picked from commit 1d1537067304b8c8d87b2df393363b40370ad640)
author: Pauli <pauli@openssl.org> 2022-09-05 07:56:37 +1000
committer: Pauli <pauli@openssl.org> 2022-09-06 18:07:05 +1000
commit: cb12a691796372f73c13ac8a3ecb17a8d3a059d9 (patch)
tree: 4fa3afc471ec6f5eb37b75bb482bd0cf790e9955 /ssl/tls13_enc.c
parent: 63b7c39aa2a3d5df58b7fe8d8e1fa811a502684a (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 07d065e35e..b186cb3897 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -751,12 +751,18 @@ int tls13_update_key(SSL *s, int sending)
   static const unsigned char application_traffic[] = "traffic upd";
 #endif
     const EVP_MD *md = ssl_handshake_md(s);
-    size_t hashlen = EVP_MD_get_size(md);
+    size_t hashlen;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
     EVP_CIPHER_CTX *ciph_ctx;
-    int ret = 0;
+    int ret = 0, l;
+
+    if ((l = EVP_MD_get_size(md)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    hashlen = (size_t)l;
 
     if (s->server == sending)
         insecret = s->server_app_traffic_secret;
author	Pauli <pauli@openssl.org>	2022-09-05 07:56:37 +1000
committer	Pauli <pauli@openssl.org>	2022-09-06 18:07:05 +1000
commit	cb12a691796372f73c13ac8a3ecb17a8d3a059d9 (patch)
tree	4fa3afc471ec6f5eb37b75bb482bd0cf790e9955 /ssl/tls13_enc.c
parent	63b7c39aa2a3d5df58b7fe8d8e1fa811a502684a (diff)