Bugfix: unsafe return check of EVP_PKEY_fromdata_init

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16783)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 982b2db54936003aafe818b43dfd368852bde824..6b8546e93b231da09db6be5d691335f211703d11 100644 (file)
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -383,7 +383,7 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)
 
     ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
     if (ctx == NULL
-            || !EVP_PKEY_fromdata_init(ctx)
+            || EVP_PKEY_fromdata_init(ctx) <= 0
             || !EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params)) {
         BIO_printf(bio_err, "Error, failed to set DH parameters\n");
         goto err;

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 2bc1237488d35f4c9682737706eaf73aa498d364..424d11b2599a71cfd58d13fb21714c4d8855f248 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -630,7 +630,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
     if (ctx == NULL)
         goto err;
 
-    if (!EVP_PKEY_fromdata_init(ctx)) {
+    if (EVP_PKEY_fromdata_init(ctx) <= 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
         goto err;
     }

diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
index a6dd8c08a58601486e8c3b9652a37cf9ff76ad91..b2f6601188871d5663b115de49bf113e8606364d 100644 (file)
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
@@ -23,7 +23,7 @@ static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
     OSSL_PARAM *params = NULL;
     EVP_PKEY *dhpkey = NULL;
 
-    if (pctx == NULL || !EVP_PKEY_fromdata_init(pctx))
+    if (pctx == NULL || EVP_PKEY_fromdata_init(pctx) <= 0)
         goto err;
 
     if ((tmpl = OSSL_PARAM_BLD_new()) == NULL