Coverity 1513478: negative return

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19126)
2025-04-12 20:30:52 +08:00 · 2022-09-05 07:56:37 +10:00 · 2022-09-05 07:56:37 +10:00 · 1d15370673
commit 1d15370673
parent 856f2aa7be
1 changed files with 8 additions and 2 deletions
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@ -811,13 +811,19 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
  static const unsigned char application_traffic[] = "traffic upd";
 #endif
    const EVP_MD *md = ssl_handshake_md(s);
-    size_t hashlen = EVP_MD_get_size(md);
+    size_t hashlen;
    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char *insecret, *iv;
    unsigned char secret[EVP_MAX_MD_SIZE];
    EVP_CIPHER_CTX *ciph_ctx;
    size_t keylen, ivlen, taglen;
-    int ret = 0;
+    int ret = 0, l;
+
+    if ((l = EVP_MD_get_size(md)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    hashlen = (size_t)l;

    if (s->server == sending)
        insecret = s->server_app_traffic_secret;