From c8ea9bc6702e30f4efa690906abd14c5eab927cf Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Tue, 7 Jul 2020 09:46:37 +1000
Subject: Fix CID 1454806:   NEGATIVE_RETURNS (cms_enc.c)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
---
 crypto/cms/cms_enc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'crypto/cms/cms_enc.c')

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 3a17a2798b..5f9e2b3a52 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -28,6 +28,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
     X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
     unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
     unsigned char *tkey = NULL;
+    int len;
     size_t tkeylen = 0;
 
     int ok = 0;
@@ -81,7 +82,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
         goto err;
     }
-    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+    len = EVP_CIPHER_CTX_key_length(ctx);
+    if (len <= 0)
+        goto err;
+    tkeylen = (size_t)len;
+
     /* Generate random session key */
     if (!enc || !ec->key) {
         tkey = OPENSSL_malloc(tkeylen);
-- 
cgit v1.2.3