> > *** CID 1439137: Integer handling issues (NEGATIVE_RETURNS) > > work in progress... > > I think this one may be a false positive -- it's worried that EVP_MD_size() > will return -1, but we've essentially already validated that the md is > valid by the time we get there. I didn't do a full check, though. > > -Ben
Yes, that's my suspicion, too. But I am also not sure yet. As far as I understand it, EVP_MD_size() will be negative only if md == NULL. So it boils down to the question whether one can assert that mctx always contains a valid md in line 261: const EVP_MD *md = EVP_MD_CTX_md(mctx); If that is the case, then one can silence coverity by casting the sign of the return value of EVP_MD_size(). But if not, some error handling is missing. Matthias _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project