From 9951eaf467f8cc43ffad69222b42340c3b24cd52 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 10 Sep 2020 18:19:13 +1000
Subject: Fix coverity issue: CID 1466483 - Improper use of Negative value in
 dh_ctrl.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)
---
 crypto/dh/dh_ctrl.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'crypto/dh')

diff --git a/crypto/dh/dh_ctrl.c b/crypto/dh/dh_ctrl.c
index 6fddd271a8..0db5eba505 100644
--- a/crypto/dh/dh_ctrl.c
+++ b/crypto/dh/dh_ctrl.c
@@ -500,6 +500,9 @@ int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
     int ret;
     OSSL_PARAM params[2], *p = params;
 
+    if (len <= 0)
+        return -1;
+
     ret = dh_param_derive_check(ctx);
     if (ret != 1)
         return ret;
-- 
cgit v1.2.3