Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
author: Peiwei Hu <jlu.hpw@foxmail.com> 2022-05-21 10:17:23 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-05-24 08:57:37 +0200
commit: d649c51a5388912277dffb56d921eb720db54be1 (patch)
tree: f98696e10572ae47f0733c4a73fcbaee39b6c892 /ssl/t1_enc.c
parent: Change loops conditions to make zero loop risk more obvious. (diff)
download: openssl-d649c51a5388912277dffb56d921eb720db54be1.tar.xz
openssl-d649c51a5388912277dffb56d921eb720db54be1.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 900ba14fbd..26182a1cd6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -352,8 +352,8 @@ int tls1_change_cipher_state(SSL *s, int which)
 
     if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
         if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
-                                    iv)) {
+            || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+                                    iv) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;
         }
@@ -365,9 +365,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         else
             taglen = EVP_CCM_TLS_TAG_LEN;
         if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
+            || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0)
+            || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0)
+            || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) <= 0)
             || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;
@@ -381,8 +381,8 @@ int tls1_change_cipher_state(SSL *s, int which)
     /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
     if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)
         && *mac_secret_size
-        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
-                                (int)*mac_secret_size, mac_secret)) {
+        && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                (int)*mac_secret_size, mac_secret) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
author	Peiwei Hu <jlu.hpw@foxmail.com>	2022-05-21 10:17:23 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-05-24 08:57:37 +0200
commit	d649c51a5388912277dffb56d921eb720db54be1 (patch)
tree	f98696e10572ae47f0733c4a73fcbaee39b6c892 /ssl/t1_enc.c
parent	Change loops conditions to make zero loop risk more obvious. (diff)
download	openssl-d649c51a5388912277dffb56d921eb720db54be1.tar.xz openssl-d649c51a5388912277dffb56d921eb720db54be1.zip