From: Pauli <pauli@openssl.org>
Date: Sun, 6 Jun 2021 23:42:54 +0000 (+1000)
Subject: evp: fix Coverity 1485668 argument cannot be negative
X-Git-Tag: openssl-3.0.0-beta1~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dacb0d8f79debfe6b47f4b17ed6a51449dd7e484;p=thirdparty%2Fopenssl.git

evp: fix Coverity 1485668 argument cannot be negative

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)
---

diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index 734e77f0a90..e3ff5687578 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -38,7 +38,11 @@ IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
 {
-    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key);
+    int len = EVP_CIPHER_CTX_get_key_length(ctx);
+
+    if (len < 0)
+        return 0;
+    BF_set_key(&data(ctx)->ks, len, key);
     return 1;
 }