Fix a bundle of mischecks of return values

Several EVP_PKEY_xxxx functions return 0 and a negative value for indicating errors. Some places call these functions with a zero return value check only, which misses the check for the negative scenarios. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10055) (cherry picked from commit 7e3ae24832e0705583b1471febf3dc0eb1cc021f)

Fix a bundle of mischecks of return values
Several EVP_PKEY_xxxx functions return 0 and a negative value for indicating errors. Some places call these functions with a zero return value check only, which misses the check for the negative scenarios. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10055) (cherry picked from commit 7e3ae24832e0705583b1471febf3dc0eb1cc021f)
f5517d95 · Paul Yang · 312674e5 · f5517d95 · f5517d95
隐藏空白更改
内联并排

Showing with 7 addition and 7 deletion

apps/speed.c apps/speed.c +6 -6

crypto/cms/cms_kari.c crypto/cms/cms_kari.c +1 -1

未找到文件。
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3006,7 +3006,7 @@ int speed_main(int argc, char **argv)
                pctx = NULL;
            }
            if (kctx == NULL ||      /* keygen ctx is not null */
-                !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
+                EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) {
                ecdh_checks = 0;
                BIO_printf(bio_err, "ECDH keygen failure.\n");
                ERR_print_errors(bio_err);
@@ -3014,12 +3014,12 @@ int speed_main(int argc, char **argv)
                break;
            }

-            if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
-                !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
+            if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */
+                EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */
                !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
-                !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
-                !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
-                !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
+                EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */
+                EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */
+                EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */
                outlen == 0 ||  /* ensure outlen is a valid size */
                outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
                ecdh_checks = 0;

--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
    if (!pk)
        return 1;
    pctx = EVP_PKEY_CTX_new(pk, NULL);
-    if (!pctx || !EVP_PKEY_derive_init(pctx))
+    if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
        goto err;
    kari->pctx = pctx;
    return 1;