Fix some return checks in ecdh_cms_encrypt()

i2d functions return <= 0 on error, so check for that instead of == 0. The issue with CMS_SharedInfo_encode() was found by Niels Dossche. OpenSSL review overlooked that they had turned penclen into a size_t. In principle the issue with i2d_X509_ALGOR() is purely cosmetic. Why do a strange check when there is an idiomatic check? Then again this is CMS... ok jsing
author: tb <> 2023-03-06 08:37:24 +0000
committer: tb <> 2023-03-06 08:37:24 +0000
commit: c32ff5d590d375133b0f6ea63f64836460523ada (patch)
tree: 76824b9082f6ec29957aaaa0d4e933577d68d52f
parent: daaadcc1de30d7b6dc48967a86d15a6642905d70 (diff)
download: openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.tar.gz
openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.tar.bz2
openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index d9216cc451..a3ac989e6f 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.36 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.37 2023/03/06 08:37:24 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -976,7 +976,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                goto err;
        penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
-        if (!penclen)
+        if (penclen <= 0)
                goto err;
        if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
@@ -988,7 +988,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
         * of another AlgorithmIdentifier.
         */
        penclen = i2d_X509_ALGOR(wrap_alg, &penc);
-        if (!penc || !penclen)
+        if (penclen <= 0)
                goto err;
        wrap_str = ASN1_STRING_new();
        if (wrap_str == NULL)
author	tb <>	2023-03-06 08:37:24 +0000
committer	tb <>	2023-03-06 08:37:24 +0000
commit	c32ff5d590d375133b0f6ea63f64836460523ada (patch)
tree	76824b9082f6ec29957aaaa0d4e933577d68d52f
parent	daaadcc1de30d7b6dc48967a86d15a6642905d70 (diff)
download	openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.tar.gz openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.tar.bz2 openbsd-c32ff5d590d375133b0f6ea63f64836460523ada.zip

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index d9216cc451..a3ac989e6f 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.36 2022/11/26 16:08:52 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.37 2023/03/06 08:37:24 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -976,7 +976,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
976	goto err;	976	goto err;
977		977
978	penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);	978	penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
979	if (!penclen)	979	if (penclen <= 0)
980	goto err;	980	goto err;
981		981
982	if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)	982	if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
@@ -988,7 +988,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
988	* of another AlgorithmIdentifier.	988	* of another AlgorithmIdentifier.
989	*/	989	*/
990	penclen = i2d_X509_ALGOR(wrap_alg, &penc);	990	penclen = i2d_X509_ALGOR(wrap_alg, &penc);
991	if (!penc \|\| !penclen)	991	if (penclen <= 0)
992	goto err;	992	goto err;
993	wrap_str = ASN1_STRING_new();	993	wrap_str = ASN1_STRING_new();
994	if (wrap_str == NULL)	994	if (wrap_str == NULL)