Coverity 1513478: negative return

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19126)
author: Pauli <pauli@openssl.org> 2022-09-05 07:56:37 +1000
committer: Pauli <pauli@openssl.org> 2022-09-06 18:01:54 +1000
commit: 1d1537067304b8c8d87b2df393363b40370ad640 (patch)
tree: 6182f824b370fb433da849ad7a87ffca0243f838 /ssl/tls13_enc.c
parent: 856f2aa7be6bb59bc72493845d92e31ef0523c79 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 0d0c0a14e5..702ed736fd 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -811,13 +811,19 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
   static const unsigned char application_traffic[] = "traffic upd";
 #endif
     const EVP_MD *md = ssl_handshake_md(s);
-    size_t hashlen = EVP_MD_get_size(md);
+    size_t hashlen;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
     EVP_CIPHER_CTX *ciph_ctx;
     size_t keylen, ivlen, taglen;
-    int ret = 0;
+    int ret = 0, l;
+
+    if ((l = EVP_MD_get_size(md)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    hashlen = (size_t)l;
 
     if (s->server == sending)
         insecret = s->server_app_traffic_secret;
author	Pauli <pauli@openssl.org>	2022-09-05 07:56:37 +1000
committer	Pauli <pauli@openssl.org>	2022-09-06 18:01:54 +1000
commit	1d1537067304b8c8d87b2df393363b40370ad640 (patch)
tree	6182f824b370fb433da849ad7a87ffca0243f838 /ssl/tls13_enc.c
parent	856f2aa7be6bb59bc72493845d92e31ef0523c79 (diff)