OpenSSL: Check EVP_MAC_update() return value more consistently

Check this in crypto_hash_update() to be more consistent and report any
error in crypto_hash_finish().

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index c6369e8ab39ee6d5f4ac30d2cc57338d5a35b069..1334f0b7152ed2f83991136c47b8b4120b23dad1 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1313,6 +1313,7 @@ struct crypto_hash {
 #else /* OpenSSL version >= 3.0 */
        HMAC_CTX *ctx;
 #endif /* OpenSSL version >= 3.0 */
+       bool failed;
 };
 
 
@@ -1425,9 +1426,11 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
        if (ctx == NULL)
                return;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-       EVP_MAC_update(ctx->ctx, data, len);
+       if (!EVP_MAC_update(ctx->ctx, data, len))
+               ctx->failed = true;
 #else /* OpenSSL version >= 3.0 */
-       HMAC_Update(ctx->ctx, data, len);
+       if (!HMAC_Update(ctx->ctx, data, len))
+               ctx->failed = true;
 #endif /* OpenSSL version >= 3.0 */
 }
 
@@ -1437,6 +1440,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
        size_t mdlen;
        int res;
+       bool failed;
 
        if (!ctx)
                return -2;
@@ -1455,11 +1459,15 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
        }
        res = EVP_MAC_final(ctx->ctx, mac, &mdlen, mdlen);
        EVP_MAC_CTX_free(ctx->ctx);
+       failed = ctx->failed;
        bin_clear_free(ctx, sizeof(*ctx));
 
        if (TEST_FAIL())
                return -1;
 
+       if (failed)
+               return -2;
+
        if (res == 1) {
                *len = mdlen;
                return 0;
@@ -1469,6 +1477,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
 #else /* OpenSSL version >= 3.0 */
        unsigned int mdlen;
        int res;
+       bool failed;
 
        if (ctx == NULL)
                return -2;
@@ -1482,11 +1491,15 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
        mdlen = *len;
        res = HMAC_Final(ctx->ctx, mac, &mdlen);
        HMAC_CTX_free(ctx->ctx);
+       failed = ctx->failed;
        bin_clear_free(ctx, sizeof(*ctx));
 
        if (TEST_FAIL())
                return -1;
 
+       if (failed)
+               return -2;
+
        if (res == 1) {
                *len = mdlen;
                return 0;