EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.
Fixes: #20116
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
break;
default:
- ret = EVP_CIPHER_get_asn1_iv(c, type);
+ ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1;
}
} else if (cipher->prov != NULL) {
OSSL_PARAM params[3], *p = params;
/* Fixup cipher based on AlgorithmIdentifier */
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
goto err;
- if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+ if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) <= 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
goto err;
}
BIO_get_cipher_ctx(etmp, &evp_ctx);
if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
goto err;
- if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+ if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
goto err;
/* Generate random key as MMA defence */
len = EVP_CIPHER_CTX_get_key_length(evp_ctx);