From: Pauli <ppzgs1@gmail.com>
Date: Fri, 19 Mar 2021 04:50:28 +0000 (+1000)
Subject: evp: fix coverity 1451509: argument cannot be negative
X-Git-Tag: openssl-3.0.0-alpha14~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bbc7b562abf4ca3221d8762fe3f749024936281;p=thirdparty%2Fopenssl.git

evp: fix coverity 1451509: argument cannot be negative

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
---

diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 098aa3ee1ba..8bc1da63238 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -46,8 +46,12 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
                                  const unsigned char *iv, int enc)
 {
     EVP_RC4_HMAC_MD5 *key = data(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
 
-    RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
+    if (keylen <= 0)
+        return 0;
+
+    RC4_set_key(&key->ks, keylen, inkey);
 
     MD5_Init(&key->head);       /* handy when benchmarking */
     key->tail = key->head;