From d649c51a5388912277dffb56d921eb720db54be1 Mon Sep 17 00:00:00 2001 From: Peiwei Hu Date: Sat, 21 May 2022 16:17:23 +0800 Subject: [PATCH] Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18368) --- apps/speed.c | 4 ++-- crypto/evp/evp_enc.c | 2 +- providers/fips/self_test_kats.c | 8 ++++---- providers/implementations/macs/gmac_prov.c | 4 ++-- ssl/t1_enc.c | 14 ++++++------- ssl/tls13_enc.c | 6 +++--- test/acvp_test.c | 24 +++++++++++----------- test/evp_extra_test.c | 16 +++++++-------- test/evp_test.c | 24 +++++++++++----------- 9 files changed, 51 insertions(+), 51 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 377686681b0..3ecc0e9366f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3608,8 +3608,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, app_bail_out("failed to set cipher key\n"); OPENSSL_clear_free(key, keylen); - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, - sizeof(no_key), no_key)) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, + sizeof(no_key), no_key) <= 0) app_bail_out("failed to set AEAD key\n"); if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) app_bail_out("failed to get cipher name\n"); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index a8f43b9b76c..6bb893c4d99 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -319,7 +319,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, /* Preserve wrap enable flag, zero everything else */ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) { ctx->cipher = NULL; ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 94a0cf842c0..3a7d095c7b6 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -72,10 +72,10 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, in_tag = (unsigned char *)t->tag; return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) + && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0) && (in_tag == NULL || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, - in_tag)) + in_tag) > 0) && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) && EVP_CIPHER_CTX_set_padding(ctx, pad) && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); @@ -117,8 +117,8 @@ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, if (t->tag != NULL) { unsigned char tag[16] = { 0 }; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, - tag) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, + tag) <= 0 || memcmp(tag, t->tag, t->tag_len) != 0) goto err; } diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index ad189d9c146..3dd38ecd7ca 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -235,8 +235,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - p->data_size, NULL) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + p->data_size, NULL) <= 0 || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data)) return 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 900ba14fbdb..26182a1cd6e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -352,8 +352,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, - iv)) { + || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, + iv) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -365,9 +365,9 @@ int tls1_change_cipher_state(SSL *s, int which) else taglen = EVP_CCM_TLS_TAG_LEN; if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) <= 0) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) + || (EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) <= 0) || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -381,8 +381,8 @@ int tls1_change_cipher_state(SSL *s, int which) /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size - && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - (int)*mac_secret_size, mac_secret)) { + && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, + (int)*mac_secret_size, mac_secret) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index a14cbb1785a..47b19fd35a7 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -385,9 +385,9 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 - || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) - || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, NULL)) + || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0 + || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, + taglen, NULL) <= 0) || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return 0; diff --git a/test/acvp_test.c b/test/acvp_test.c index 90a97e2bf4c..7617918a66e 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -734,10 +734,10 @@ static int aes_ccm_enc_dec(const char *alg, if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - enc ? NULL : (void *)tag)) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL), 0) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + enc ? NULL : (void *)tag), 0) || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) @@ -753,8 +753,8 @@ static int aes_ccm_enc_dec(const char *alg, goto err; if (enc) { out_len += len; - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len)) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len), 0) || !TEST_mem_eq(out, out_len, ct, ct_len) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) goto err; @@ -821,13 +821,13 @@ static int aes_gcm_enc_dec(const char *alg, if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL))) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL), 0)) goto err; if (!enc) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - (void *)tag))) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + (void *)tag), 0)) goto err; } /* @@ -850,8 +850,8 @@ static int aes_gcm_enc_dec(const char *alg, out_len += len; if (enc) { if (!TEST_mem_eq(out, out_len, ct, ct_len) - || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len)) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len), 0) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) goto err; } else { diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 48b01cf72a2..b7f2fe7e283 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -3531,7 +3531,7 @@ static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) int res = 0; if (t->ivlen != 0) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) goto err; } if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) @@ -3597,8 +3597,8 @@ static int test_evp_init_seq(int idx) } if (t->finalenc == 0 && t->tag != NULL) { /* Set expected tag */ - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - t->taglen, (void *)t->tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + t->taglen, (void *)t->tag), 0)) { errmsg = "SET_TAG"; goto err; } @@ -3612,7 +3612,7 @@ static int test_evp_init_seq(int idx) goto err; } if (t->finalenc != 0 && t->tag != NULL) { - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG"; goto err; } @@ -3873,7 +3873,7 @@ static int test_gcm_reinit(int idx) errmsg = "ENC_INIT"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { errmsg = "SET_IVLEN1"; goto err; } @@ -3899,7 +3899,7 @@ static int test_gcm_reinit(int idx) errmsg = "WRONG_RESULT1"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG1"; goto err; } @@ -3908,7 +3908,7 @@ static int test_gcm_reinit(int idx) goto err; } /* Now reinit */ - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { errmsg = "SET_IVLEN2"; goto err; } @@ -3933,7 +3933,7 @@ static int test_gcm_reinit(int idx) errmsg = "WRONG_RESULT2"; goto err; } - if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { errmsg = "GET_TAG2"; goto err; } diff --git a/test/evp_test.c b/test/evp_test.c index 6427137b37b..4198787bb95 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -769,8 +769,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, } if (expected->iv) { if (expected->aead) { - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, - expected->iv_len, 0)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, + expected->iv_len, 0) <= 0) { t->err = "INVALID_IV_LENGTH"; goto err; } @@ -793,8 +793,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, tag = expected->tag; } if (tag || expected->aead != EVP_CIPH_GCM_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, tag)) + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, + expected->tag_len, tag) <= 0) goto err; } } @@ -802,7 +802,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, if (expected->rounds > 0) { int rounds = (int)expected->rounds; - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { t->err = "INVALID_ROUNDS"; goto err; } @@ -815,7 +815,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, if (expected->key_bits > 0) { int bits = (int)expected->key_bits; - if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) { + if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) { t->err = "INVALID KEY BITS"; goto err; } @@ -856,9 +856,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, ERR_pop_to_mark(); if (expected->mac_key != NULL - && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, + && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, (int)expected->mac_key_len, - (void *)expected->mac_key)) { + (void *)expected->mac_key) <= 0) { t->err = "SET_MAC_KEY_ERROR"; goto err; } @@ -934,8 +934,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, OPENSSL_free(tls_aad); } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, expected->tag)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + expected->tag_len, expected->tag) <= 0) { t->err = "TAG_SET_ERROR"; goto err; } @@ -997,8 +997,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc, t->err = "TAG_LENGTH_INTERNAL_ERROR"; goto err; } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - expected->tag_len, rtag)) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + expected->tag_len, rtag) <= 0) { t->err = "TAG_RETRIEVE_ERROR"; goto err; } -- 2.47.2