Fix second error from Coverity-161057
authorNeil Horman <nhorman@openssl.org>
Wed, 24 Jul 2024 19:51:53 +0000 (15:51 -0400)
committerNeil Horman <nhorman@openssl.org>
Fri, 26 Jul 2024 17:25:18 +0000 (13:25 -0400)
Coverity flagged a second error in this code

we're comparing block_padding and hs_padding for >= 0, which is always
true

With the change to the use of strtoul, inputs that are preceded by a '-'
(i.e. negative values) are already caught, so the check is redundant

just remove the check entirely

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24993)

ssl/ssl_conf.c

index 13c7e0ff78731bb229ec5a4862d703d3e86cbc3d..5e2d7c1c98dbd50f114a773ef7f9ec6cd6b519a9 100644 (file)
@@ -680,18 +680,17 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
     if (commap == NULL)
         hs_padding = block_padding;
     OPENSSL_free(copy);
+
     /*
      * All we care about are non-negative values,
      * the setters check the range
      */
-    if (block_padding >= 0 || hs_padding >= 0) {
-        if (cctx->ctx)
-            rv = SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding,
-                                              (size_t)hs_padding);
-        if (cctx->ssl)
-            rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding,
+    if (cctx->ctx)
+        rv = SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding,
                                           (size_t)hs_padding);
-    }
+    if (cctx->ssl)
+        rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding,
+                                      (size_t)hs_padding);
     return rv;
 }
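Review bot: When both `cctx->ctx` and `cctx->ssl` are set, the second assignment to `rv` overwrites the result of `SSL_CTX_set_block_padding_ex`, so a padding value rejected for the context can still be reported as success, presumably leaving the context without the record padding the configuration asked for. Consider returning on the first failure, e.g. `if (cctx->ctx && !SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding, (size_t)hs_padding)) return 0;`, assuming 0 is this function's failure value; the initialisation of `rv` and the parsing code are outside the hunk. The retained comment "All we care about are non-negative values" described the removed test and now reads as if a check still follows. Something like `/* Negative input is rejected when the value is parsed; the setters check the range */` would match the new code.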