Correctly check the return code of EVP_MAC_ctrl everwhere it is used

EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)

1 files changed, 4 insertions, 4 deletions

diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c
index e999b54b77..935428f77f 100644
--- a/crypto/kdf/sskdf.c
+++ b/crypto/kdf/sskdf.c
@@ -138,7 +138,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
     if (custom == NULL)
         return 1;
 
-    if (!EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM, custom, custom_len))
+    if (EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM, custom, custom_len) <= 0)
         return 0;
 
     /* By default only do one iteration if kmac_out_len is not specified */
@@ -153,7 +153,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
             || kmac_out_len == 64))
         return 0;
 
-    if (!EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SIZE, kmac_out_len))
+    if (EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SIZE, kmac_out_len) <= 0)
         return 0;
 
     /*
@@ -200,10 +200,10 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
     if (ctx == NULL || ctx_init == NULL)
         goto end;
     if (hmac_md != NULL &&
-            !EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md))
+            EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0)
         goto end;
 
-    if (!EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_KEY, salt, salt_len))
+    if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_KEY, salt, salt_len) <= 0)
         goto end;
 
     if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len,