summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorPeiwei Hu <jlu.hpw@foxmail.com>2022-05-21 16:17:23 +0800
committerTomas Mraz <tomas@openssl.org>2022-05-24 08:58:20 +0200
commit4aa3eb454e89fd78884faa168a90ccf19d0bca3a (patch)
treec7286d9a8738993b053fd792fa1d88a028525649 /ssl
parent5aa6e627953a4b3e96ea1f37b5ed71c9bb8c1e1b (diff)
Fix check of EVP_CIPHER_CTX_ctrl
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368) (cherry picked from commit d649c51a5388912277dffb56d921eb720db54be1)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_enc.c14
-rw-r--r--ssl/tls13_enc.c6
2 files changed, 10 insertions, 10 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 237a19cd93..91238e6457 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -393,8 +393,8 @@ int tls1_change_cipher_state(SSL *s, int which)
if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
- iv)) {
+ || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+ iv) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -406,9 +406,9 @@ int tls1_change_cipher_state(SSL *s, int which)
else
taglen = EVP_CCM_TLS_TAG_LEN;
if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
+ || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0)
+ || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0)
+ || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) <= 0)
|| !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
@@ -422,8 +422,8 @@ int tls1_change_cipher_state(SSL *s, int which)
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)
&& *mac_secret_size
- && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- (int)*mac_secret_size, mac_secret)) {
+ && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+ (int)*mac_secret_size, mac_secret) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 12388922e3..d7db82e5e2 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -385,9 +385,9 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
}
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
- || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
- || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
- taglen, NULL))
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0
+ || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
+ taglen, NULL) <= 0)
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-03 21:30:29 +0000