dh: fix coverity 1473238: argument cannot be negative

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 584a174ae27568ac24ccedb19db37e4b8b6fabaf..affe40a53c6dc35d6b35c81f0dfe0119cae9b8c6 100644 (file)
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -463,10 +463,11 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         if (*keylen != dctx->kdf_outlen)
             return 0;
         ret = 0;
-        Zlen = DH_size(dh);
-        Z = OPENSSL_malloc(Zlen);
-        if (Z == NULL) {
-            goto err;
+        if ((Zlen = DH_size(dh)) <= 0)
+            return 0;
+        if ((Z = OPENSSL_malloc(Zlen)) == NULL) {
+            ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+            return 0;
         }
         if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0)
             goto err;