Deal with the unlikely event that EVP_MD_CTX_size() returns an error.

(Coverity ID 140).

3 files changed, 8 insertions, 0 deletions

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 9e38cb5bf9..75c2b63f3e 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -428,6 +428,12 @@ printf("\n");
 	if (!clear)
 		{
 		mac_size=EVP_MD_CTX_size(s->read_hash);
+		if (mac_size <= 0)
+			{
+			al=SSL_AD_INTERNAL_ERROR;
+			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_MAC_LENGTH);
+			goto f_err;
+			}
 
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
 			{
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 64173af1cc..893eb6ece3 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1996,6 +1996,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_HELLO_REQUEST				 105
 #define SSL_R_BAD_LENGTH				 271
 #define SSL_R_BAD_MAC_DECODE				 113
+#define SSL_R_BAD_MAC_LENGTH				 333
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 7879a3194e..c7b36b5e41 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -290,6 +290,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
 {ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
 {ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
+{ERR_REASON(SSL_R_BAD_MAC_LENGTH)        ,"bad mac length"},
 {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},
 {ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},
 {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},