Bugfix: unsafe return check of EVP_PKEY_fromdata_init

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16783)
2021-10-08 16:59:00 +08:00 · 2021-10-08 16:59:00 +08:00 · 5e199c356d
parent 518ce65d93
commit 5e199c356d
3 changed files with 3 additions and 3 deletions
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@ -383,7 +383,7 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)

    ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
    if (ctx == NULL
-            || !EVP_PKEY_fromdata_init(ctx)
+            || EVP_PKEY_fromdata_init(ctx) <= 0
            || !EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params)) {
        BIO_printf(bio_err, "Error, failed to set DH parameters\n");
        goto err;
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -630,7 +630,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
    if (ctx == NULL)
        goto err;

-    if (!EVP_PKEY_fromdata_init(ctx)) {
+    if (EVP_PKEY_fromdata_init(ctx) <= 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
        goto err;
    }
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
@ -23,7 +23,7 @@ static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
    OSSL_PARAM *params = NULL;
    EVP_PKEY *dhpkey = NULL;

-    if (pctx == NULL || !EVP_PKEY_fromdata_init(pctx))
+    if (pctx == NULL || EVP_PKEY_fromdata_init(pctx) <= 0)
        goto err;

    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL