Fix wrong return value checks for some functions

- in particular in use of X509_LOOKUP_load_file, EVP_PKEY_print_params,
EVP_PKEY_keygen, X509_CRL_add1_ext_i2d, EVP_PKEY_keygen_init

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)

diff --git a/apps/ecparam.c b/apps/ecparam.c
index 35899522d29767d0589982bf76e562b57f0bb01a..bbd3c9e633ccd21323a7e7969c1fe8dbe5be941c 100644 (file)
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -277,7 +277,7 @@ int ecparam_main(int argc, char **argv)
     }
 
     if (text
-        && !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
+        && EVP_PKEY_print_params(out, params_key, 0, NULL) <= 0) {
         BIO_printf(bio_err, "unable to print params\n");
         goto end;
     }

diff --git a/apps/speed.c b/apps/speed.c
index 4b24cd37a5a5cece6c583c1a641cdbd4549b9079..bfe42fe395fe3ada877d72c3feb8a90cbc008add 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3232,7 +3232,7 @@ int speed_main(int argc, char **argv)
                 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
                 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
                 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
-                && EVP_PKEY_keygen(genctx, &rsa_key);
+                && EVP_PKEY_keygen(genctx, &rsa_key) > 0;
             BN_free(bn);
             bn = NULL;
             EVP_PKEY_CTX_free(genctx);

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8cccf5702156d87d214b9c5a59774204901021cd..b8a5ec49279d9a0fb8dc3e0702e534cb38c0643f 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2198,7 +2198,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
     }
 
     /* Set base CRL number: must be critical */
-    if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) {
+    if (X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0) <= 0) {
         ERR_raise(ERR_LIB_X509, ERR_R_X509_LIB);
         goto err;
     }

diff --git a/test/sslapitest.c b/test/sslapitest.c
index ff151390fe2d256e00762a54518bfd0b1588967f..cbb8ff5f07de380f86487c76b2ad37315bfd2e8c 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10044,7 +10044,7 @@ static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
     int ret = 1;
 
     if (!TEST_ptr(evpctx)
-        || !TEST_true(EVP_PKEY_keygen_init(evpctx))
+        || !TEST_int_gt(EVP_PKEY_keygen_init(evpctx), 0)
         || !TEST_true(EVP_PKEY_generate(evpctx, &pkey))
         || !TEST_ptr(pkey)
         || !TEST_ptr(x509)

diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 38ecd5b8637e1db08cbac23b129283d5a9be00b6..57f761f078e50e2fb577235f9fad11fc85c10669 100644 (file)
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -75,7 +75,7 @@ static int test_alt_chains_cert_forgery(void)
     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
     if (lookup == NULL)
         goto err;
-    if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
+    if (X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM) <= 0)
         goto err;
 
     untrusted = load_certs_pem(untrusted_f);