Fix multiple wrong checks of EVP_PKEY_set1_encoded_public_key

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 9cee01793a95a46ac8e2ff1c25ca9d1d0e62464e..6c965bb2884fad400554ceaf680c79a6dace5210 100644 (file)
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -65,7 +65,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     pkpeer = EVP_PKEY_new();
     if (pkpeer == NULL
             || !EVP_PKEY_copy_parameters(pkpeer, pk)
-            || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen))
+            || EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen) <= 0)
         goto err;
 
     if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)

diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index a4427d7ee21b065572dd78577c664a659f36a4ab..6e9962ed6e8fea2391ace79f1cd0d4e7612e82ac 100644 (file)
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -111,7 +111,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     if (p == NULL || plen == 0)
         goto err;
 
-    if (!EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen))
+    if (EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen) <= 0)
         goto err;
 
     if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5d5aa45deee458adbca65ac3bb2562fd2ca722bb..c6abfd3319585e4024d7905d9a84e3c2836e1fde 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3086,7 +3086,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt)
         goto err;
     }
 
-    if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i)) {
+    if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }