author | Peiwei Hu <jlu.hpw@foxmail.com> | 2022-05-21 16:17:23 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-05-24 08:58:20 +0200 |
commit | 4aa3eb454e89fd78884faa168a90ccf19d0bca3a (patch) | |
tree | c7286d9a8738993b053fd792fa1d88a028525649 | |
parent | 5aa6e627953a4b3e96ea1f37b5ed71c9bb8c1e1b (diff) |
Fix check of EVP_CIPHER_CTX_ctrl
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18368)
(cherry picked from commit d649c51a5388912277dffb56d921eb720db54be1)
-rw-r--r-- | apps/speed.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 2 | ||||
-rw-r--r-- | providers/fips/self_test_kats.c | 8 | ||||
-rw-r--r-- | providers/implementations/macs/gmac_prov.c | 4 | ||||
-rw-r--r-- | ssl/t1_enc.c | 14 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 6 | ||||
-rw-r--r-- | test/acvp_test.c | 24 | ||||
-rw-r--r-- | test/evp_extra_test.c | 16 | ||||
-rw-r--r-- | test/evp_test.c | 24 |
9 files changed, 51 insertions, 51 deletions
diff --git a/apps/speed.c b/apps/speed.c index d252b41ca4..dbeb371194 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3613,8 +3613,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, app_bail_out("failed to set cipher key\n"); OPENSSL_clear_free(key, keylen); - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, - sizeof(no_key), no_key)) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, + sizeof(no_key), no_key) <= 0) app_bail_out("failed to set AEAD key\n"); if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) app_bail_out("failed to get cipher name\n"); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 19a07debd9..e69da3f9a0 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -304,7 +304,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, /* Preserve wrap enable flag, zero everything else */ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) { ctx->cipher = NULL; ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 94a0cf842c..3a7d095c7b 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -72,10 +72,10 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, in_tag = (unsigned char *)t->tag; return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) + && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0) && (in_tag == NULL || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, - in_tag)) + in_tag) > 0) && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) && EVP_CIPHER_CTX_set_padding(ctx, pad) && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); 
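Review bot: In crypto/evp/evp_enc.c, evp_cipher_init_internal now fails initialisation on any non-positive return from the `EVP_CTRL_INIT` ctrl, but nothing at the call site records that contract. This check guards every cipher that sets `EVP_CIPH_CTRL_INIT`, so a short comment would help maintainers of out-of-tree cipher implementations, for example `/* ctrl returns > 0 on success; 0 and negative values are both errors */`. Because this is a cherry-pick, a changelog line may also be worthwhile: an implementation returning a negative value here was apparently treated as initialised before, which is inferred from the old `!` test rather than shown on the page. The function body continues outside the hunk.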
@@ -117,8 +117,8 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, if (t->tag != NULL) { unsigned char tag[16] = { 0 }; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, - tag) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, + tag) <= 0 || memcmp(tag, t->tag, t->tag_len) != 0) goto err; } diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index ad189d9c14..3dd38ecd7c 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -235,8 +235,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - p->data_size, NULL) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + p->data_size, NULL) <= 0 || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data)) return 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 237a19cd93..91238e6457 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -393,8 +393,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, - iv)) { + || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, + iv) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } 
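Review bot: In providers/fips/self_test_kats.c, self_test_cipher passes `t->tag_len` to `EVP_CTRL_AEAD_GET_TAG` and to `memcmp` against the fixed `unsigned char tag[16]`, with no visible bound on that length. The KAT tables are presumably compiled-in constants, so this is a hardening point rather than a reachable overflow. A guard before the ctrl call, such as `if (t->tag_len > sizeof(tag)) goto err;`, would stop a future table entry from writing or comparing past the buffer. The function starts and ends outside the hunk, so an earlier check may already exist.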
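Review bot: In providers/implementations/macs/gmac_prov.c, gmac_set_ctx_params hands `p->data_size` straight to the `int` length argument of `EVP_CIPHER_CTX_ctrl`, so a caller-supplied OSSL_PARAM size is narrowed implicitly. The new `<= 0` test catches a value that ends up negative, but one that wraps to a small positive number would be accepted as an IV length that differs from the supplied buffer size. Rejecting out-of-range sizes first, e.g. `if (p->data_size > INT_MAX) return 0;`, and then passing `(int)p->data_size` would make the conversion deliberate, as ssl/t1_enc.c does with `(int)k`. The enclosing function extends beyond the hunk.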
@@ -406,9 +406,9 @@ int tls1_change_cipher_state(SSL *s, int which) else taglen = EVP_CCM_TLS_TAG_LEN; if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) <= 0) || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -422,8 +422,8 @@ int tls1_change_cipher_state(SSL *s, int which) /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size - && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - (int)*mac_secret_size, mac_secret)) { + && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, + (int)*mac_secret_size, mac_secret) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 12388922e3..d7db82e5e2 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -385,9 +385,9 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 - || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) - || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, NULL)) + || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0 + || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, + taglen, NULL) <= 0) || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return 0; 
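Review bot: In ssl/t1_enc.c, the CCM branch of tls1_change_cipher_state wraps each new comparison in its own parentheses, `(EVP_CIPHER_CTX_ctrl(...) <= 0)`, while the GCM hunk above and the MAC-key hunk below in the same function write the comparison bare. The same mix appears in cipher_init in providers/fips/self_test_kats.c. Picking one form would keep the `||` chains uniform and easier to audit. While the line is being touched, the literal `12` passed to `EVP_CTRL_AEAD_SET_IVLEN` could become `EVP_CCM_TLS_IV_LEN`, matching the `EVP_CCM_TLS_TAG_LEN` constant already used for `taglen`.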
diff --git a/test/acvp_test.c b/test/acvp_test.c index bbc77d0ae6..7d404f3b5e 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -734,10 +734,10 @@ static int aes_ccm_enc_dec(const char *alg, if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - enc ? NULL : (void *)tag)) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL), 0) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + enc ? NULL : (void *)tag), 0) || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) @@ -753,8 +753,8 @@ static int aes_ccm_enc_dec(const char *alg, goto err; if (enc) { out_len += len; - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len)) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len), 0) || !TEST_mem_eq(out, out_len, ct, ct_len) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) goto err; @@ -821,13 +821,13 @@ static int aes_gcm_enc_dec(const char *alg, if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL))) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL), 0)) goto err; if (!enc) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - (void *)tag))) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + (void *)tag), 0)) goto err; } /* 
@@ -850,8 +850,8 @@ static int aes_gcm_enc_dec(const char *alg, out_len += len; if (enc) { if (!TEST_mem_eq(out, out_len, ct, ct_len) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len)) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len), 0) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) goto err; } else { diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 31d078dfba..4eca37214d 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -3531,7 +3531,7 @@ static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) int res = 0; if (t->ivlen != 0) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) goto err; } if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) @@ -3597,8 +3597,8 @@ static int test_evp_init_seq(int idx) } if (t->finalenc == 0 && t->tag != NULL) { /* Set expected tag */ - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - t->taglen, (void *)t->tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + t->taglen, (void *)t->tag), 0)) { errmsg = "SET_TAG"; goto err; } @@ -3612,7 +3612,7 @@ static int test_evp_init_seq(int idx) goto err; } if (t->finalenc != 0 && t->tag != NULL) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG"; goto err; } @@ -3873,7 +3873,7 @@ static int test_gcm_reinit(int idx) errmsg = "ENC_INIT"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { errmsg = "SET_IVLEN1"; goto err; } 
@@ -3899,7 +3899,7 @@ static int test_gcm_reinit(int idx) errmsg = "WRONG_RESULT1"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG1"; goto err; } @@ -3908,7 +3908,7 @@ static int test_gcm_reinit(int idx) goto err; } /* Now reinit */ - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { errmsg = "SET_IVLEN2"; goto err; } @@ -3933,7 +3933,7 @@ static int test_gcm_reinit(int idx) errmsg = "WRONG_RESULT2"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG2"; goto err; } diff --git a/test/evp_test.c b/test/evp_test.c index ef6fc0965a..768329bd82 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -755,8 +755,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, } if (expected->iv) { if (expected->aead) { - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, - expected->iv_len, 0)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, + expected->iv_len, 0) <= 0) { t->err = "INVALID_IV_LENGTH"; goto err; } @@ -779,8 +779,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, tag = expected->tag; } if (tag || expected->aead != EVP_CIPH_GCM_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, tag)) + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, + expected->tag_len, tag) <= 0) goto err; } } 
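Review bot: In test/evp_test.c, the `EVP_CTRL_AEAD_SET_TAG` check in cipher_test_enc (hunk at -779) jumps to `err` without assigning `t->err`, whereas the other ctrl checks changed in this file set a label such as `"INVALID_IV_LENGTH"` or `"TAG_SET_ERROR"`. Now that negative returns also take this path, a distinct label would make the failure identifiable in test output, e.g. `t->err = "TAG_SET_ERROR";` before the `goto err;`, with braces added. Whether a default label is assigned earlier in the function, or whether test data relies on it, is not visible in the hunk.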
@@ -788,7 +788,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, if (expected->rounds > 0) { int rounds = (int)expected->rounds; - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { t->err = "INVALID_ROUNDS"; goto err; } @@ -801,7 +801,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, if (expected->key_bits > 0) { int bits = (int)expected->key_bits; - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) { t->err = "INVALID KEY BITS"; goto err; } @@ -836,9 +836,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, ERR_pop_to_mark(); if (expected->mac_key != NULL - && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, + && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, (int)expected->mac_key_len, - (void *)expected->mac_key)) { + (void *)expected->mac_key) <= 0) { t->err = "SET_MAC_KEY_ERROR"; goto err; } @@ -914,8 +914,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, OPENSSL_free(tls_aad); } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, expected->tag)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + expected->tag_len, expected->tag) <= 0) { t->err = "TAG_SET_ERROR"; goto err; } @@ -977,8 +977,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, t->err = "TAG_LENGTH_INTERNAL_ERROR"; goto err; } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - expected->tag_len, rtag)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + expected->tag_len, rtag) <= 0) { t->err = "TAG_RETRIEVE_ERROR"; goto err; } |