From 639e576023aa2492ca87e1e6503c40d2e8c9a24e Mon Sep 17 00:00:00 2001
From: Peiwei Hu
Date: Sat, 21 May 2022 16:38:58 +0800
Subject: [PATCH] Fix check of dtls1_process_record

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/18369)
---
 crypto/pkcs7/pk7_lib.c | 4 ++--
 crypto/x509/v3_addr.c | 2 +-
 ssl/record/rec_layer_d1.c | 6 +++---
 ssl/record/ssl3_record.c | 2 +-
 ssl/tls_srp.c | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 44b5d0141b..eaa46a3338 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -403,7 +403,7 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
 if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
 goto err;
- if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+ if (PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0)
 goto err;
 if (!PKCS7_add_signer(p7, si))
 goto err;
@@ -561,7 +561,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
 goto err;
- if (!PKCS7_RECIP_INFO_set(ri, x509))
+ if (PKCS7_RECIP_INFO_set(ri, x509) <= 0)
 goto err;
 if (!PKCS7_add_recipient_info(p7, ri))
 goto err;
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index 8bb35bd8a3..feefb9c3df 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -1099,7 +1099,7 @@ static int addr_contains(IPAddressOrRanges *parent,
 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
 if (!extract_min_max(sk_IPAddressOrRange_value(child, c), c_min, c_max, length))
- return -1;
+ return 0;
 for (;; p++) {
 if (p >= sk_IPAddressOrRange_num(parent))
 return 0;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 336ebc8b79..532413e4d3 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
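Review bot: In addr_contains (crypto/x509/v3_addr.c), nothing on the new `return 0;` line says that a failed extract_min_max() is deliberately reported as "not contained" rather than as an error. A short comment there, e.g. `/* malformed child entry: report "not contained" so boolean-style callers fail closed */`, would stop a later cleanup from reintroducing a non-zero error value, which a `!addr_contains(...)` style caller would read as "contained". The function header and its callers are outside the hunk, so the caller idiom should be confirmed before wording the comment.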
@@ -285,7 +285,7 @@ int dtls1_process_buffered_records(SSL *s)
 if (!replayok || !dtls1_process_record(s, bitmap)) {
 if (ossl_statem_in_error(s)) {
 /* dtls1_process_record called SSLfatal() */
- return -1;
+ return 0;
 }
 /* dump this record */
 rr->length = 0;
@@ -535,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 */
 if (BIO_dgram_is_sctp(SSL_get_rbio(s))
 && s->d1->shutdown_received
- && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return 0;
 }
@@ -596,7 +596,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 * that nothing gets discarded.
 */
 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
 s->d1->shutdown_received = 1;
 s->rwstate = SSL_READING;
 BIO_clear_retry_flags(SSL_get_rbio(s));
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index de529669a6..3b3b1135ed 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1566,7 +1566,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
 imac_size = EVP_MD_get_size(tmpmd);
 if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return -1;
+ return 0;
 }
 mac_size = (size_t)imac_size;
 }
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 0ce3290dc4..e69ddfe9d5 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -301,7 +301,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
 int srp_generate_server_master_secret(SSL *s)
 {
 BIGNUM *K = NULL, *u = NULL;
- int ret = -1, tmp_len = 0;
+ int ret = 0, tmp_len = 0;
 unsigned char *tmp = NULL;
 if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
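Review bot: The `!dtls1_process_record(s, bitmap)` test at the top of the dtls1_process_buffered_records hunk is only correct if every failure path of dtls1_process_record() returns 0. The ssl/record/ssl3_record.c hunk converts the one at line 1566; the function's other returns are outside the visible hunks and should be confirmed. A contract comment above dtls1_process_record(), e.g. `/* Returns 1 on success, 0 on failure; never negative, callers test with '!' */`, would make the convention explicit for future edits. Both function bodies start and end outside the hunks.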
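Review bot: With `BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0` in the dtls1_read_bytes hunk at line 535, a negative (error) return now takes the same branch as "nothing waiting", so a failing BIO query sets SSL_RECEIVED_SHUTDOWN and returns 0. If that is intended, the comment above the condition should say so, e.g. `/* a failed query is treated as "no message waiting" */`; otherwise the error case deserves its own handling. The `> 0` test in the hunk at line 596 makes the matching choice, treating an error as no pending message. dtls1_read_bytes continues outside both hunks.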
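Review bot: The 1/0 return contract that the new `int ret = 0` initializer relies on is not documented on srp_generate_server_master_secret(), nor on srp_generate_client_master_secret() in the hunk at line 331. The check right below the declarations, `!SRP_Verify_A_mod_N(...)`, is a security-relevant validation, and presumably bails out with `ret` untouched, so a caller must be able to rely on failure being exactly 0. I would add `/* Returns 1 on success, 0 on failure */` above both functions. The value assigned to `ret` on the success path should also be confirmed never to be negative. Both function bodies continue outside the hunks.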
@@ -331,7 +331,7 @@ int srp_generate_server_master_secret(SSL *s)
 int srp_generate_client_master_secret(SSL *s)
 {
 BIGNUM *x = NULL, *u = NULL, *K = NULL;
- int ret = -1, tmp_len = 0;
+ int ret = 0, tmp_len = 0;
 char *passwd = NULL;
 unsigned char *tmp = NULL;
--
2.34.1