From: Pauli <ppzgs1@gmail.com>
Date: Fri, 19 Mar 2021 04:54:40 +0000 (+1000)
Subject: dh: fix coverity 1473238: argument cannot be negative
X-Git-Tag: openssl-3.0.0-alpha14~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd0a9ff7ef0db7441baf8626f53e37a10d22449d;p=thirdparty%2Fopenssl.git

dh: fix coverity 1473238: argument cannot be negative

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
---

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 584a174ae27..affe40a53c6 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -463,10 +463,11 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         if (*keylen != dctx->kdf_outlen)
             return 0;
         ret = 0;
-        Zlen = DH_size(dh);
-        Z = OPENSSL_malloc(Zlen);
-        if (Z == NULL) {
-            goto err;
+        if ((Zlen = DH_size(dh)) <= 0)
+            return 0;
+        if ((Z = OPENSSL_malloc(Zlen)) == NULL) {
+            ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+            return 0;
         }
         if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0)
             goto err;