Fix incomplete error check on ASN1_item_i2d()

According to the documentation and my analysis tool
ASN1_item_i2d() can return a negative value on error,
but this is not checked. Fix it by changing the error check condition.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20251)

diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index 0d1f3406db816c931e3069a9a16cf59f5eedf559..d22925510dd3b030e61d03091bf665c28e119e0c 100644 (file)
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -28,7 +28,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 
     ASN1_STRING_set0(octmp, NULL, 0);
 
-    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) <= 0) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR);
         goto err;
     }