From 49d49c170e83b034b9812fd0ca4bc5cb42fc24df Mon Sep 17 00:00:00 2001
From: Justin Smith
Date: Mon, 16 Sep 2024 09:28:55 -0400
Subject: [PATCH] PR Feedback
---
 crypto/fipsmodule/evp/evp_ctx_test.cc | 5 +++--
 crypto/fipsmodule/evp/p_ec.c | 18 ++++++++++--------
 crypto/fipsmodule/evp/p_hkdf.c | 6 +++---
 crypto/fipsmodule/evp/p_rsa.c | 12 +++++-------
 4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/crypto/fipsmodule/evp/evp_ctx_test.cc b/crypto/fipsmodule/evp/evp_ctx_test.cc
index 2841a5f0ea..7c54416674 100644
--- a/crypto/fipsmodule/evp/evp_ctx_test.cc
+++ b/crypto/fipsmodule/evp/evp_ctx_test.cc
@@ -36,7 +36,8 @@ static bssl::UniquePtr gen_RSA() {
 !EVP_PKEY_keygen(keygen_ctx.get(), &raw)) {
 return nullptr;
 }
- return bssl::UniquePtr(EVP_PKEY_CTX_new(raw, nullptr));
+ bssl::UniquePtr pkey(raw);
+ return bssl::UniquePtr(EVP_PKEY_CTX_new(pkey.get(), nullptr));
 }
 TEST_F(EvpPkeyCtxCtrlStrTest, RsaMissingValue) {
@@ -182,7 +183,7 @@ TEST_F(EvpPkeyCtxCtrlStrTest, RsaOaepLabel) {
 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING));
 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), EVP_sha256()));
 ASSERT_EQ(EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_oaep_label", "aabb11"), 1);
- ASSERT_EQ(EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_oaep_label", "gg"), -2);
+ ASSERT_EQ(EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_oaep_label", "gg"), 0);
 const char expected_label[4] = "\xaa\xbb\x11";
 const uint8_t *actual_label;
diff --git a/crypto/fipsmodule/evp/p_ec.c b/crypto/fipsmodule/evp/p_ec.c
index 48d4cf71de..0138a3d5ac 100644
--- a/crypto/fipsmodule/evp/p_ec.c
+++ b/crypto/fipsmodule/evp/p_ec.c
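Review bot: The new `bssl::UniquePtr pkey(raw);` in gen_RSA releases the key as soon as the function returns, while the returned context was built from `pkey.get()`, and nothing here says why that is safe. It relies on EVP_PKEY_CTX_new holding its own reference to the key, which is not visible in this hunk. A comment above the return, such as `// The context keeps its own reference to the key, so the local owner can release it here.`, would record that assumption. gen_RSA starts outside the hunk.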
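Review bot: The updated assertion in RsaOaepLabel, which now expects 0 for the non-hex value "gg", is the only place this patch pins the new malformed-hex return code, although p_hkdf.c changes the same -2 to 0 in three branches. No HKDF assertion is touched in evp_ctx_test.cc (the diffstat shows five changed lines for it), so those branches appear to have no invalid-hex coverage; the rest of the test file is not visible here. A matching negative case for each HKDF hex option, asserting 0 for a non-hex value, would keep the four call sites from drifting apart again.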
@@ -226,18 +226,19 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
 }
 }
-static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value) {
 if (strcmp(type, "ec_paramgen_curve") == 0) {
 int nid;
 nid = EC_curve_nist2nid(value);
- if (nid == NID_undef)
+ if (nid == NID_undef) {
 nid = OBJ_sn2nid(value);
- if (nid == NID_undef)
+ }
+ if (nid == NID_undef) {
 nid = OBJ_ln2nid(value);
+ }
 if (nid == NID_undef) {
- OPENSSL_PUT_ERROR(EVP, EC_R_WRONG_CURVE_PARAMETERS);
+ OPENSSL_PUT_ERROR(EVP, EC_R_INVALID_ENCODING);
 return 0;
 }
 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
@@ -245,10 +246,11 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
 if (strcmp(type, "ec_param_enc") == 0) {
 int param_enc;
 // We don't support "explicit"
- if (strcmp(value, "named_curve") == 0)
+ if (strcmp(value, "named_curve") == 0) {
 param_enc = OPENSSL_EC_NAMED_CURVE;
- else
+ } else {
 return -2;
+ }
 return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
 }
diff --git a/crypto/fipsmodule/evp/p_hkdf.c b/crypto/fipsmodule/evp/p_hkdf.c
index d4017ba22b..7a6314b15c 100644
--- a/crypto/fipsmodule/evp/p_hkdf.c
+++ b/crypto/fipsmodule/evp/p_hkdf.c
@@ -214,7 +214,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 size_t hex_saltlen = 0;
 uint8_t *salt = OPENSSL_hexstr2buf(value, &hex_saltlen);
 if (salt == NULL) {
- return -2;
+ return 0;
 }
 int result = EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, hex_saltlen);
 OPENSSL_free(salt);
@@ -231,7 +231,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 size_t hex_keylen = 0;
 uint8_t *key = OPENSSL_hexstr2buf(value, &hex_keylen);
 if (key == NULL) {
- return -2;
+ return 0;
 }
 int result = EVP_PKEY_CTX_set1_hkdf_key(ctx, key, hex_keylen);
 OPENSSL_free(key);
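Review bot: The new error line in the `ec_paramgen_curve` branch of p_ec.c, `OPENSSL_PUT_ERROR(EVP, EC_R_INVALID_ENCODING);`, pairs the EVP library with a reason code from the EC namespace. Reason codes are numbered per library, so the queued entry would likely be rendered as whichever EVP reason shares that number, which misleads anyone triaging a failed curve lookup from the error queue. `OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);` keeps library and reason consistent. The removed line had the same mismatch, so the commit carries it over rather than introducing it.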
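Review bot: The `return 0;` after a failed `OPENSSL_hexstr2buf` in this p_hkdf.c hunk changes what callers see for malformed hex, but nothing at the call site says what 0 and -2 mean; the same applies to the two later p_hkdf.c hunks and to the `rsa_oaep_label` branch in p_rsa.c. Whether an error is queued on this path depends on OPENSSL_hexstr2buf, which is not visible here; if it queues none, the caller gets 0 with an empty error queue. I would add a one-line comment at each site, such as `// Malformed hex is an invalid value (0), not an unsupported control (-2).`, and confirm that the helper queues an error. pkey_hkdf_ctrl_str starts and ends outside the hunk.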
@@ -248,7 +248,7 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 size_t hex_infolen = 0;
 uint8_t *info = OPENSSL_hexstr2buf(value, &hex_infolen);
 if (info == NULL) {
- return -2;
+ return 0;
 }
 int result = EVP_PKEY_CTX_add1_hkdf_info(ctx, info, hex_infolen);
 OPENSSL_free(info);
diff --git a/crypto/fipsmodule/evp/p_rsa.c b/crypto/fipsmodule/evp/p_rsa.c
index 6273889abd..a93b3d2382 100644
--- a/crypto/fipsmodule/evp/p_rsa.c
+++ b/crypto/fipsmodule/evp/p_rsa.c
@@ -558,7 +558,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
 return 1;
 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
-#if defined(BORINGSSL_FIPS)
+#if defined(AWSLC_FIPS)
 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_OPERATION);
 return 0;
 #else
@@ -775,16 +775,14 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 OPENSSL_END_ALLOW_DEPRECATED
 }
 if (strcmp(type, "rsa_oaep_label") == 0) {
- size_t lablen;
- int ret;
- uint8_t *lab;
+ size_t lablen = 0;
- lab = OPENSSL_hexstr2buf(value, &lablen);
+ uint8_t *lab = OPENSSL_hexstr2buf(value, &lablen);
 if (lab == NULL) {
- return -2;
+ return 0;
 }
- ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
+ int ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
 if (ret <= 0) {
 OPENSSL_free(lab);
 }
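Review bot: The guard on `EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP` in p_rsa.c now keys on `AWSLC_FIPS`, and nothing in this patch exercises the rejecting branch. A build that defines a different macro name would compile the branch out without any test failing, which is presumably how the `BORINGSSL_FIPS` spelling went unnoticed. A test compiled only under `AWSLC_FIPS` that sends this control and expects 0 would make the FIPS restriction on the public exponent fail loudly if the macro is renamed again. The switch statement begins and ends outside the hunk.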
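Review bot: In the `rsa_oaep_label` branch the only visible release of `lab` is `OPENSSL_free(lab)` under `ret <= 0`, and the rewritten declarations leave that ownership rule undocumented. The set0 name suggests the context keeps the buffer on success, but the setter is not visible here. A comment above the call, such as `// On success the context owns |lab|; it is freed here only on failure.`, would stop a later edit from adding an unconditional free. The branch continues past the end of the hunk.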