Fix check of dtls1_process_record

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18369) (cherry picked from commit 639e576)
openssl · May 26, 2022 · c77eb85 · c77eb85
1 parent 4f42f2a
commit c77eb85
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 9 deletions.
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
@@ -402,7 +402,7 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
 
     if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
         goto err;
-    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+    if (PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst) <= 0)
         goto err;
     if (!PKCS7_add_signer(p7, si))
         goto err;
@@ -560,7 +560,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 
     if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
         goto err;
-    if (!PKCS7_RECIP_INFO_set(ri, x509))
+    if (PKCS7_RECIP_INFO_set(ri, x509) <= 0)
         goto err;
     if (!PKCS7_add_recipient_info(p7, ri))
         goto err;

diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
@@ -1099,7 +1099,7 @@ static int addr_contains(IPAddressOrRanges *parent,
     for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
         if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
                              c_min, c_max, length))
-            return -1;
+            return 0;
         for (;; p++) {
             if (p >= sk_IPAddressOrRange_num(parent))
                 return 0;

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
@@ -285,7 +285,7 @@ int dtls1_process_buffered_records(SSL *s)
             if (!replayok || !dtls1_process_record(s, bitmap)) {
                 if (ossl_statem_in_error(s)) {
                     /* dtls1_process_record called SSLfatal() */
-                    return -1;
+                    return 0;
                 }
                 /* dump this record */
                 rr->length = 0;
@@ -535,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
          */
         if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
             s->d1->shutdown_received
-            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
             return 0;
         }
@@ -596,7 +596,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                  * that nothing gets discarded.
                  */
                 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
                     s->d1->shutdown_received = 1;
                     s->rwstate = SSL_READING;
                     BIO_clear_retry_flags(SSL_get_rbio(s));

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
@@ -1550,7 +1550,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
             imac_size = EVP_MD_get_size(tmpmd);
             if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
-                    return -1;
+                    return 0;
             }
             mac_size = (size_t)imac_size;
         }

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
@@ -301,7 +301,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
 int srp_generate_server_master_secret(SSL *s)
 {
     BIGNUM *K = NULL, *u = NULL;
-    int ret = -1, tmp_len = 0;
+    int ret = 0, tmp_len = 0;
     unsigned char *tmp = NULL;
 
     if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
@@ -331,7 +331,7 @@ int srp_generate_server_master_secret(SSL *s)
 int srp_generate_client_master_secret(SSL *s)
 {
     BIGNUM *x = NULL, *u = NULL, *K = NULL;
-    int ret = -1, tmp_len = 0;
+    int ret = 0, tmp_len = 0;
     char *passwd = NULL;
     unsigned char *tmp = NULL;