From 6521cb0319e9bb1d49c93bd9885c7b253e90cef6 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Tue, 7 May 2019 10:55:39 +1000
Subject: [PATCH] Coverity CID 1444956: Integer handling issues

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
---
 crypto/evp/e_des3.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 6177659a83..52fde95fb0 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -280,15 +280,17 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
 
     DES_cblock *deskey = ptr;
+    int kl;
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+        kl = EVP_CIPHER_CTX_key_length(ctx);
+        if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0)
             return 0;
         DES_set_odd_parity(deskey);
-        if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
+        if (kl >= 16)
             DES_set_odd_parity(deskey + 1);
-        if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
+        if (kl >= 24)
             DES_set_odd_parity(deskey + 2);
         return 1;