diff --git a/crypto/fipsmodule/evp/evp_ctx_test.cc b/crypto/fipsmodule/evp/evp_ctx_test.cc index 2841a5f0ea..cbd32bf30e 100644 --- a/crypto/fipsmodule/evp/evp_ctx_test.cc +++ b/crypto/fipsmodule/evp/evp_ctx_test.cc @@ -36,7 +36,8 @@ static bssl::UniquePtr gen_RSA() { !EVP_PKEY_keygen(keygen_ctx.get(), &raw)) { return nullptr; } - return bssl::UniquePtr(EVP_PKEY_CTX_new(raw, nullptr)); + bssl::UniquePtr pkey(raw); + return bssl::UniquePtr(EVP_PKEY_CTX_new(pkey.get(), nullptr)); } TEST_F(EvpPkeyCtxCtrlStrTest, RsaMissingValue) { diff --git a/crypto/fipsmodule/evp/p_ec.c b/crypto/fipsmodule/evp/p_ec.c index 48d4cf71de..0138a3d5ac 100644 --- a/crypto/fipsmodule/evp/p_ec.c +++ b/crypto/fipsmodule/evp/p_ec.c @@ -226,18 +226,19 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } } -static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ +static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value) { if (strcmp(type, "ec_paramgen_curve") == 0) { int nid; nid = EC_curve_nist2nid(value); - if (nid == NID_undef) + if (nid == NID_undef) { nid = OBJ_sn2nid(value); - if (nid == NID_undef) + } + if (nid == NID_undef) { nid = OBJ_ln2nid(value); + } if (nid == NID_undef) { - OPENSSL_PUT_ERROR(EVP, EC_R_WRONG_CURVE_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EC_R_INVALID_ENCODING); return 0; } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); @@ -245,10 +246,11 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(type, "ec_param_enc") == 0) { int param_enc; // We don't support "explicit" - if (strcmp(value, "named_curve") == 0) + if (strcmp(value, "named_curve") == 0) { param_enc = OPENSSL_EC_NAMED_CURVE; - else + } else { return -2; + } return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); } diff --git a/crypto/fipsmodule/evp/p_hkdf.c b/crypto/fipsmodule/evp/p_hkdf.c index d4017ba22b..7a6314b15c 100644 --- a/crypto/fipsmodule/evp/p_hkdf.c +++ b/crypto/fipsmodule/evp/p_hkdf.c @@ -214,7 +214,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, size_t hex_saltlen = 0; uint8_t *salt = OPENSSL_hexstr2buf(value, &hex_saltlen); if (salt == NULL) { - return -2; + return 0; } int result = EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, hex_saltlen); OPENSSL_free(salt); @@ -231,7 +231,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, size_t hex_keylen = 0; uint8_t *key = OPENSSL_hexstr2buf(value, &hex_keylen); if (key == NULL) { - return -2; + return 0; } int result = EVP_PKEY_CTX_set1_hkdf_key(ctx, key, hex_keylen); OPENSSL_free(key); @@ -248,7 +248,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, size_t hex_infolen = 0; uint8_t *info = OPENSSL_hexstr2buf(value, &hex_infolen); if (info == NULL) { - return -2; + return 0; } int result = EVP_PKEY_CTX_add1_hkdf_info(ctx, info, hex_infolen); OPENSSL_free(info); diff --git a/crypto/fipsmodule/evp/p_rsa.c b/crypto/fipsmodule/evp/p_rsa.c index 6273889abd..a93b3d2382 100644 --- a/crypto/fipsmodule/evp/p_rsa.c +++ b/crypto/fipsmodule/evp/p_rsa.c @@ -558,7 +558,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: -#if defined(BORINGSSL_FIPS) +#if defined(AWSLC_FIPS) OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_OPERATION); return 0; #else @@ -775,16 +775,14 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, OPENSSL_END_ALLOW_DEPRECATED } if (strcmp(type, "rsa_oaep_label") == 0) { - size_t lablen; - int ret; - uint8_t *lab; + size_t lablen = 0; - lab = OPENSSL_hexstr2buf(value, &lablen); + uint8_t *lab = OPENSSL_hexstr2buf(value, &lablen); if (lab == NULL) { - return -2; + return 0; } - ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); + int ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); if (ret <= 0) { OPENSSL_free(lab); }