diff options
author | Paul Yang <kaishen.yy@antfin.com> | 2019-09-30 14:05:31 +0800 |
---|---|---|
committer | Paul Yang <kaishen.yy@antfin.com> | 2019-09-30 17:18:17 +0800 |
commit | 7e3ae24832e0705583b1471febf3dc0eb1cc021f (patch) | |
tree | e67320014f3adacefb760d3fe801b9e0593d2698 | |
parent | df0822688fc3432cf800cdc07c7f9016ea201170 (diff) | |
download | openssl-7e3ae24832e0705583b1471febf3dc0eb1cc021f.tar.gz |
Fix a bundle of mischecks of return values
Several EVP_PKEY_xxxx functions return 0 and a negative value for
indicating errors. Some places call these functions with a zero return
value check only, which misses the check for the negative scenarios.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10055)
-rw-r--r-- | apps/speed.c | 12 | ||||
-rw-r--r-- | crypto/cms/cms_kari.c | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/apps/speed.c b/apps/speed.c index 33f77d3b2c..47e7d1bbc5 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3149,7 +3149,7 @@ int speed_main(int argc, char **argv) pctx = NULL; } if (kctx == NULL || /* keygen ctx is not null */ - !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { + EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH keygen failure.\n"); ERR_print_errors(bio_err); @@ -3157,12 +3157,12 @@ int speed_main(int argc, char **argv) break; } - if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ - !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ + if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */ + EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */ !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ - !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ - !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ - !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ + EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */ + EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */ + EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */ outlen == 0 || /* ensure outlen is a valid size */ outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { ecdh_checks = 0; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index bffa9351ae..3820d0e229 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) if (!pk) return 1; pctx = EVP_PKEY_CTX_new(pk, NULL); - if (!pctx || !EVP_PKEY_derive_init(pctx)) + if (!pctx || EVP_PKEY_derive_init(pctx) <= 0) goto err; kari->pctx = pctx; return 1; |