Coverity 1513478: negative return
authorPauli <pauli@openssl.org>
Sun, 4 Sep 2022 21:56:37 +0000 (07:56 +1000)
committerPauli <pauli@openssl.org>
Tue, 6 Sep 2022 08:07:05 +0000 (18:07 +1000)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19126)

(cherry picked from commit 1d1537067304b8c8d87b2df393363b40370ad640)

ssl/tls13_enc.c

index 07d065e35e957accfc5e952154252bde40b79e7f..b186cb3897608bf36e5057cc0c36fed5fd94d71d 100644 (file)
@@ -751,12 +751,18 @@ int tls13_update_key(SSL *s, int sending)
   static const unsigned char application_traffic[] = "traffic upd";
 #endif
     const EVP_MD *md = ssl_handshake_md(s);
-    size_t hashlen = EVP_MD_get_size(md);
+    size_t hashlen;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
     EVP_CIPHER_CTX *ciph_ctx;
-    int ret = 0;
+    int ret = 0, l;
+
+    if ((l = EVP_MD_get_size(md)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    hashlen = (size_t)l;
 
     if (s->server == sending)
         insecret = s->server_app_traffic_secret;
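Review bot: The added check in tls13_update_key rejects only non-positive results from `EVP_MD_get_size(md)`, so `hashlen` still has no upper bound relative to `secret[EVP_MAX_MD_SIZE]`. If `hashlen` is later used as a copy or output length for that buffer (the rest of the function is outside this hunk), the guard could become `if ((l = EVP_MD_get_size(md)) <= 0 || (size_t)l > sizeof(secret))`. The check would also benefit from a one-line comment such as `/* a negative size cast to size_t would become a huge length */`, and `l` is easy to misread as `1`, so a name like `mdlen` would be clearer. The early `return 0` runs before `key` or `secret` are written in the visible lines, so skipping any cleanup at the end of the function appears harmless, but that should be confirmed against the cleanup path, which is not shown here.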