From 154ea425e647de4a497aa28c91d279aa93b3bf60 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 27 May 2020 11:38:39 +0100 Subject: Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) --- crypto/cmac/cmac.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'crypto/cmac') diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index ffe284797a..81a6490384 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -145,7 +145,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) return 0; - if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); @@ -186,12 +186,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > (size_t)bl) { - if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) return 0; dlen -= bl; data += bl; -- cgit v1.2.1