diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e6ba33d85b1b847a6ba90670e8865b0fadc3c7e5..9ad7c29a7d15d278c61e9df46300a7d692cd5995 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1532,6 +1532,9 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
  	 * integrity checks on ticket.
  	 */
 	mlen = HMAC_size(&hctx);
+	if (mlen <= 0)
+		return -1;
+
 	eticklen -= mlen;
 	/* Check HMAC of encrypted ticket */
 	HMAC_Update(&hctx, etick, eticklen);