Fix check of dtls1_process_record

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18369)
2025-01-30 14:01:55 +08:00 · 2022-05-21 16:38:58 +08:00 · 2022-05-21 16:38:58 +08:00 · 639e576023
commit 639e576023
parent ef8040bce0
5 changed files with 9 additions and 9 deletions
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@ -403,7 +403,7 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,

    if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
        goto err;
-    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+    if (PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0)
        goto err;
    if (!PKCS7_add_signer(p7, si))
        goto err;
@ -561,7 +561,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)

    if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
        goto err;
-    if (!PKCS7_RECIP_INFO_set(ri, x509))
+    if (PKCS7_RECIP_INFO_set(ri, x509) <= 0)
        goto err;
    if (!PKCS7_add_recipient_info(p7, ri))
        goto err;
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@ -1099,7 +1099,7 @@ static int addr_contains(IPAddressOrRanges *parent,
    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
                             c_min, c_max, length))
-            return -1;
+            return 0;
        for (;; p++) {
            if (p >= sk_IPAddressOrRange_num(parent))
                return 0;
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@ -285,7 +285,7 @@ int dtls1_process_buffered_records(SSL *s)
            if (!replayok || !dtls1_process_record(s, bitmap)) {
                if (ossl_statem_in_error(s)) {
                    /* dtls1_process_record called SSLfatal() */
-                    return -1;
+                    return 0;
                }
                /* dump this record */
                rr->length = 0;
@ -535,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         */
        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
            s->d1->shutdown_received
-            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
            return 0;
        }
@ -596,7 +596,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                 * that nothing gets discarded.
                 */
                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
                    s->d1->shutdown_received = 1;
                    s->rwstate = SSL_READING;
                    BIO_clear_retry_flags(SSL_get_rbio(s));
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@ -1566,7 +1566,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
            imac_size = EVP_MD_get_size(tmpmd);
            if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
-                    return -1;
+                    return 0;
            }
            mac_size = (size_t)imac_size;
        }
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@ -301,7 +301,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
 int srp_generate_server_master_secret(SSL *s)
 {
    BIGNUM *K = NULL, *u = NULL;
-    int ret = -1, tmp_len = 0;
+    int ret = 0, tmp_len = 0;
    unsigned char *tmp = NULL;

    if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
@ -331,7 +331,7 @@ int srp_generate_server_master_secret(SSL *s)
 int srp_generate_client_master_secret(SSL *s)
 {
    BIGNUM *x = NULL, *u = NULL, *K = NULL;
-    int ret = -1, tmp_len = 0;
+    int ret = 0, tmp_len = 0;
    char *passwd = NULL;
    unsigned char *tmp = NULL;