Bugfix: unsafe return check of EVP_PKEY_fromdata

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16783)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 6b8546e93b231da09db6be5d691335f211703d11..db9e964cf0c5fc27f01d3c84dca9cf1f6f0e05ed 100644 (file)
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -384,7 +384,7 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)
     ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
     if (ctx == NULL
             || EVP_PKEY_fromdata_init(ctx) <= 0
-            || !EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params)) {
+            || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {
         BIO_printf(bio_err, "Error, failed to set DH parameters\n");
         goto err;
     }

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 424d11b2599a71cfd58d13fb21714c4d8855f248..61cfe1efb9558b2554b7b94e2b7daa0e9af1abc3 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -649,7 +649,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
 #  endif
     *p = OSSL_PARAM_construct_end();
 
-    if (!EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params)) {
+    if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
         goto err;
     }

diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
index b2f6601188871d5663b115de49bf113e8606364d..ebb9c8891d326cfa84c5f6f8baa95e4e587de6f5 100644 (file)
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
@@ -35,7 +35,7 @@ static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
 
     params = OSSL_PARAM_BLD_to_param(tmpl);
     if (params == NULL
-        || !EVP_PKEY_fromdata(pctx, &dhpkey, EVP_PKEY_KEY_PARAMETERS, params))
+        || EVP_PKEY_fromdata(pctx, &dhpkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0)
         goto err;
 
  err: