From: Peiwei Hu Date: Sat, 21 May 2022 08:38:58 +0000 (+0800) Subject: Fix check of dtls1_process_record X-Git-Tag: openssl-3.2.0-alpha1~2614 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=639e576023aa2492ca87e1e6503c40d2e8c9a24e;p=thirdparty%2Fopenssl.git Fix check of dtls1_process_record Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18369)
---
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 44b5d0141bc..eaa46a33386 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -403,7 +403,7 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
 if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
 goto err;
- if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+ if (PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0)
 goto err;
 if (!PKCS7_add_signer(p7, si))
 goto err;
@@ -561,7 +561,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
 goto err;
- if (!PKCS7_RECIP_INFO_set(ri, x509))
+ if (PKCS7_RECIP_INFO_set(ri, x509) <= 0)
 goto err;
 if (!PKCS7_add_recipient_info(p7, ri))
 goto err;
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index 8bb35bd8a35..feefb9c3dff 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -1099,7 +1099,7 @@ static int addr_contains(IPAddressOrRanges *parent,
 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
 if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
 c_min, c_max, length))
- return -1;
+ return 0;
 for (;; p++) {
 if (p >= sk_IPAddressOrRange_num(parent))
 return 0;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 336ebc8b798..532413e4d32 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
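Review bot: In crypto/pkcs7/pk7_lib.c the new `PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0` test in PKCS7_add_signature sits directly above `if (!PKCS7_add_signer(p7, si))`, and nothing in the code explains why the two adjacent calls are checked differently. A one-line comment above the changed line, such as `/* may return a negative value on error, so !ret is not sufficient */`, would keep a later cleanup from reverting it to the `!` form. The same applies to `PKCS7_RECIP_INFO_set(ri, x509) <= 0` in PKCS7_add_recipient in the next hunk. Both functions start and end outside their hunks, so the `err` handling they jump to was not reviewed.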
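Review bot: In crypto/x509/v3_addr.c, addr_contains now returns 0 when extract_min_max fails, the same value it returns a few lines below when the parent list is exhausted, so a malformed range is indistinguishable from a genuine "not contained" result. That is the safe direction for a containment check, since the previous -1 would read as true under a boolean test, but the contract should be written down. I would add `/* malformed range: report "not contained" so callers fail closed */` at the changed return and state in the function's header comment that it returns only 0 or 1. The function header and its callers are outside the hunk, so how the result is tested is inferred rather than seen.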
@@ -285,7 +285,7 @@ int dtls1_process_buffered_records(SSL *s)
 if (!replayok || !dtls1_process_record(s, bitmap)) {
 if (ossl_statem_in_error(s)) {
 /* dtls1_process_record called SSLfatal() */
- return -1;
+ return 0;
 }
 /* dump this record */
 rr->length = 0;
@@ -535,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 */
 if (BIO_dgram_is_sctp(SSL_get_rbio(s))
 && s->d1->shutdown_received
- && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return 0;
 }
@@ -596,7 +596,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 * that nothing gets discarded.
 */
 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
 s->d1->shutdown_received = 1;
 s->rwstate = SSL_READING;
 BIO_clear_retry_flags(SSL_get_rbio(s));
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index de529669a60..3b3b1135ed7 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1566,7 +1566,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
 imac_size = EVP_MD_get_size(tmpmd);
 if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return -1;
+ return 0;
 }
 mac_size = (size_t)imac_size;
 }
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 0ce3290dc4a..e69ddfe9d58 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -301,7 +301,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
 int srp_generate_server_master_secret(SSL *s)
 {
 BIGNUM *K = NULL, *u = NULL;
- int ret = -1, tmp_len = 0;
+ int ret = 0, tmp_len = 0;
 unsigned char *tmp = NULL;
 if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
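Review bot: In ssl/record/rec_layer_d1.c, dtls1_process_buffered_records still tests `!dtls1_process_record(s, bitmap)`, so the fatal-error branch is reached only if dtls1_process_record never returns a negative value. This commit changes one `return -1` in ssl/record/ssl3_record.c to `return 0`, but the other return paths of dtls1_process_record lie outside the diff and cannot be checked here. I would add a header comment on dtls1_process_record, `/* Returns 1 on success, 0 on failure; never negative. */`, and a matching one on dtls1_process_buffered_records. That way a future error path does not reintroduce a value that the `!` tests treat as success.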
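Review bot: In dtls1_read_bytes (ssl/record/rec_layer_d1.c), the new `BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0` condition treats a failed query the same as "no message waiting", so an error after shutdown_received sets SSL_RECEIVED_SHUTDOWN and returns 0. If that is the intended handling, the comment block above the test should say so, for example `* A negative result (query failed) is handled like "nothing waiting".`; if it is not, the negative case needs its own branch. The `> 0` test in the following hunk makes the complementary choice and would benefit from the same sentence. The function body extends beyond both hunks, so the surrounding comment text is only partly visible.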
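Review bot: In ssl/tls_srp.c, changing the initialiser to `int ret = 0` in srp_generate_server_master_secret presumably changes the value returned by every early-exit path that leaves `ret` untouched, starting with the `SRP_Verify_A_mod_N` check on the hunk's last line. The same holds for srp_generate_client_master_secret in the next hunk. Any caller that still tests the result with `< 0` would now treat a failed key derivation as success; the call sites are not in this diff, so that should be confirmed. A header comment on both functions, such as `/* Returns 0 on failure; callers must not test for < 0. */`, would pin the contract, with the success value added once it is confirmed from the part of the body outside the hunk.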
@@ -331,7 +331,7 @@ int srp_generate_server_master_secret(SSL *s)
 int srp_generate_client_master_secret(SSL *s)
 {
 BIGNUM *x = NULL, *u = NULL, *K = NULL;
- int ret = -1, tmp_len = 0;
+ int ret = 0, tmp_len = 0;
 char *passwd = NULL;
 unsigned char *tmp = NULL;