Submitted by:  Julia Lawall <julia@diku.dk>

The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
diff --git a/CHANGES b/CHANGES
index 17fd386..fab83ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
   *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
      needlessly dereferenced structures, used obsolete functions and
      didn't handle all updated verify codes correctly.
@@ -819,6 +823,12 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
   *) Add --strict-warnings option to Configure script to include devteam
      warnings in other configurations.
      [Steve Henson]
diff --git a/apps/ts.c b/apps/ts.c
index d73b4eb..bedb602 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -649,7 +649,7 @@
 
 	/* Generating random byte sequence. */
 	if (len > (int)sizeof(buf)) goto err;
-	if (!RAND_bytes(buf, len)) goto err;
+	if (RAND_bytes(buf, len) <= 0) goto err;
 
 	/* Find the first non-zero byte and creating ASN1_INTEGER object. */
 	for (i = 0; i < len && !buf[i]; ++i);
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index deb67dd..90c0b82 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -344,7 +344,7 @@
 
 	/* Get original receipt request details */
 
-	if (!CMS_get1_ReceiptRequest(osi, &rr))
+	if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
 		{
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
@@ -385,7 +385,7 @@
 
 	/* Get original receipt request details */
 
-	if (!CMS_get1_ReceiptRequest(si, &rr))
+	if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
 		{
 		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 2768c48..62bc495 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -860,7 +860,7 @@
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
     {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
 	const TCHAR *pmsg=buf;
 	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
index 95b6b45..5ce25d9 100644
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -280,7 +280,7 @@
 		}
 	/* Force the result of the control command to 0 or 1, for the reasons
 	 * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
+        if (ENGINE_ctrl(e, num, i, p, f) > 0)
                 return 1;
         return 0;
         }
@@ -345,7 +345,7 @@
 		 * usage of these commands is consistent across applications and
 		 * that certain applications don't understand it one way, and
 		 * others another. */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
 			return 1;
 		return 0;
 		}
@@ -360,7 +360,7 @@
 	if(flags & ENGINE_CMD_FLAG_STRING)
 		{
 		/* Same explanation as above */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
 			return 1;
 		return 0;
 		}
@@ -383,7 +383,7 @@
 		}
 	/* Force the result of the control command to 0 or 1, for the reasons
 	 * mentioned before. */
-	if(ENGINE_ctrl(e, num, l, NULL, NULL))
+	if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
 		return 1;
 	return 0;
 	}
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 775c361..ac211e2 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -222,7 +222,7 @@
 		   		ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (!RAND_bytes(salt, sLen))
+		if (RAND_bytes(salt, sLen) <= 0)
 			goto err;
 		}
 	maskedDBLen = emLen - hLen - 1;
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index 7f3e57f..8fa5734 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -155,7 +155,7 @@
 					__FILE__, __LINE__);
 			else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
 				{
-				if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+				if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
 					return -1;
 				}
 			}
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 861ce30..a62ffd5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2707,7 +2707,7 @@
 		s->method->ssl3_enc->cert_verify_mac(s,
 			NID_id_GostR3411_94,
 			data);
-		if (!EVP_PKEY_sign(pctx,signbuf,&sigsize,data,32)) {
+		if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
 			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
 			ERR_R_INTERNAL_ERROR);
 			goto err;