Correctly check the return code of EVP_MAC_ctrl everywhere it is used
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 858ca28..fc627f1 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -231,9 +231,9 @@
int rv;
if ((rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_ENGINE,
- ctx->engine)) < 0
+ ctx->engine)) <= 0
|| (rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_CIPHER,
- p2)) < 0
+ p2)) <= 0
|| !(rv = EVP_MAC_init(hctx->ctx)))
return rv;
}
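Review bot: `return rv;` now hands the caller whatever non-positive value EVP_MAC_ctrl produced, so this path can return -1 while the MAC_TYPE_MAC branch in the next hunk returns a plain 0 for the same kind of failure. If any caller tests this result with `!`, a -1 would be read as success and the MAC context would be used without its engine or cipher set. I would either normalise the value here or add a comment above the `if`, e.g. `/* rv may be 0 or negative; callers must test <= 0 */`. The same applies to the `return rv;` in the hunk at -296; the enclosing function starts and ends outside both hunks.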
@@ -275,7 +275,7 @@
return 0;
break;
case MAC_TYPE_MAC:
- if (!EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_KEY, p2, p1))
+ if (EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_KEY, p2, p1) <= 0)
return 0;
break;
default:
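Review bot: The key length `p1` goes straight into the variadic EVP_MAC_ctrl call, and neither its type nor a range check is visible in this hunk. If `p1` is an `int` and the SET_KEY handler reads a `size_t` with va_arg, the argument types do not match, and a negative value would become a very large key length. Assuming that is the case, I would write `if (p1 < 0 || EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_KEY, p2, (size_t)p1) <= 0)`. The `key->length` argument in the hunk at -296 deserves the same look. The switch this case belongs to starts and ends outside the hunk.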
@@ -296,11 +296,11 @@
(ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
if ((rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_ENGINE,
- ctx->engine)) < 0
+ ctx->engine)) <= 0
|| (rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_MD,
- hctx->raw_data.md)) < 0
+ hctx->raw_data.md)) <= 0
|| (rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_KEY,
- key->data, key->length)) < 0)
+ key->data, key->length)) <= 0)
return rv;
}
break;
diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c
index e999b54..935428f 100644
--- a/crypto/kdf/sskdf.c
+++ b/crypto/kdf/sskdf.c
@@ -138,7 +138,7 @@
if (custom == NULL)
return 1;
- if (!EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM, custom, custom_len))
+ if (EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM, custom, custom_len) <= 0)
return 0;
/* By default only do one iteration if kmac_out_len is not specified */
@@ -153,7 +153,7 @@
|| kmac_out_len == 64))
return 0;
- if (!EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SIZE, kmac_out_len))
+ if (EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SIZE, kmac_out_len) <= 0)
return 0;
/*
@@ -200,10 +200,10 @@
if (ctx == NULL || ctx_init == NULL)
goto end;
if (hmac_md != NULL &&
- !EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md))
+ EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0)
goto end;
- if (!EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_KEY, salt, salt_len))
+ if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_KEY, salt, salt_len) <= 0)
goto end;
if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len,
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 99b11d1..f812d0a 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -166,8 +166,8 @@
|| (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL
|| (ctx->mac_ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
|| (ctx->mac_ctx = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
- || !EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_CIPHER, cbc)
- || !EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_KEY, key, klen)
+ || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_CIPHER, cbc) <= 0
+ || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_KEY, key, klen) <= 0
|| !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL)
|| !EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)
|| !EVP_MAC_update(ctx->mac_ctx, zero, sizeof(zero))
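Review bot: The chain now mixes two failure conventions, `<= 0` for EVP_MAC_ctrl and `!` for EVP_EncryptInit_ex, EVP_MAC_CTX_copy and EVP_MAC_update, with nothing saying the difference is intended. If any of those three can also return a negative value, the SIV context would carry a cipher or MAC state that was never set up, so it is worth confirming against their documentation. A comment above the condition would settle it, e.g. `/* EVP_MAC_ctrl fails with 0 or -1; the other calls return 0 on failure */`. The condition starts before the hunk and continues after it.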