ssl/ech/ech_store.c: check WPACKET_get_total_written return value

Check the return value of check WPACKET_get_total_written() call
in OSSL_ECHSTORE_new_config() and OSSL_ECHSTORE_write_pem(),
and error out on failure.

References: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681451
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:45 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

diff --git a/ssl/ech/ech_store.c b/ssl/ech/ech_store.c
index 77a723ffafcc3c1ec0748b862157db4cd9d11bcd..c9ef390554f02114357150e8be6831530b235049 100644 (file)
--- a/ssl/ech/ech_store.c
+++ b/ssl/ech/ech_store.c
@@ -745,7 +745,10 @@ int OSSL_ECHSTORE_new_config(OSSL_ECHSTORE *es,
         goto err;
     }
     /* bp, bblen has encoding */
-    WPACKET_get_total_written(&epkt, &bblen);
+    if (!WPACKET_get_total_written(&epkt, &bblen)) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     if ((ee = OPENSSL_zalloc(sizeof(*ee))) == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
         goto err;
@@ -873,7 +876,10 @@ int OSSL_ECHSTORE_write_pem(OSSL_ECHSTORE *es, int index, BIO *out)
             ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
             goto err;
         }
-        WPACKET_get_total_written(&epkt, &allencoded_len);
+        if (!WPACKET_get_total_written(&epkt, &allencoded_len)) {
+            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
         if (PEM_write_bio(out, PEM_STRING_ECHCONFIG, NULL,
                 (unsigned char *)epkt_mem->data,
                 (long)allencoded_len)