Submitted by: Julia Lawall <julia@diku.dk>
authorDr. Stephen Henson <steve@openssl.org>
Sun, 13 Sep 2009 11:27:27 +0000 (11:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 13 Sep 2009 11:27:27 +0000 (11:27 +0000)
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.

CHANGES
apps/ts.c
crypto/cms/cms_ess.c
crypto/cryptlib.c
crypto/engine/eng_ctrl.c
crypto/rsa/rsa_pss.c
ssl/d1_enc.c
ssl/s3_clnt.c

diff --git a/CHANGES b/CHANGES
index 17fd386..fab83ce 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
   *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
      needlessly dereferenced structures, used obsolete functions and
      didn't handle all updated verify codes correctly.
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
   *) Add --strict-warnings option to Configure script to include devteam
      warnings in other configurations.
      [Steve Henson]
index d73b4eb..bedb602 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -649,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits)
 
        /* Generating random byte sequence. */
        if (len > (int)sizeof(buf)) goto err;
-       if (!RAND_bytes(buf, len)) goto err;
+       if (RAND_bytes(buf, len) <= 0) goto err;
 
        /* Find the first non-zero byte and creating ASN1_INTEGER object. */
        for (i = 0; i < len && !buf[i]; ++i);
index deb67dd..90c0b82 100644 (file)
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 
        /* Get original receipt request details */
 
-       if (!CMS_get1_ReceiptRequest(osi, &rr))
+       if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
                goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 
        /* Get original receipt request details */
 
-       if (!CMS_get1_ReceiptRequest(si, &rr))
+       if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
                goto err;
index 41be45d..9a39d7e 100644 (file)
@@ -847,7 +847,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
     {  HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
        const TCHAR *pmsg=buf;
        ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
index 95b6b45..5ce25d9 100644 (file)
@@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
+        if (ENGINE_ctrl(e, num, i, p, f) > 0)
                 return 1;
         return 0;
         }
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                 * usage of these commands is consistent across applications and
                 * that certain applications don't understand it one way, and
                 * others another. */
-               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
        if(flags & ENGINE_CMD_FLAG_STRING)
                {
                /* Same explanation as above */
-               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-       if(ENGINE_ctrl(e, num, l, NULL, NULL))
+       if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
                return 1;
        return 0;
        }
index 775c361..ac211e2 100644 (file)
@@ -222,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                                ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-               if (!RAND_bytes(salt, sLen))
+               if (RAND_bytes(salt, sLen) <= 0)
                        goto err;
                }
        maskedDBLen = emLen - hLen - 1;
index 7f3e57f..8fa5734 100644 (file)
@@ -155,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
                                        __FILE__, __LINE__);
                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
                                {
-                               if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+                               if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
                                        return -1;
                                }
                        }
index 861ce30..a62ffd5 100644 (file)
@@ -2707,7 +2707,7 @@ int ssl3_send_client_verify(SSL *s)
                s->method->ssl3_enc->cert_verify_mac(s,
                        NID_id_GostR3411_94,
                        data);
-               if (!EVP_PKEY_sign(pctx,signbuf,&sigsize,data,32)) {
+               if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
                        ERR_R_INTERNAL_ERROR);
                        goto err;