x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index bf674737f894ea2677e112024a50f34d1365a9f5..d3b9ad345dad1265487b1c76857a50f6a49983c3 100644 (file)
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -72,7 +72,7 @@ int X509_check_trust(X509 *x, int id, int flags)
         return obj_trust(NID_anyExtendedKeyUsage, x,
                          flags | X509_TRUST_DO_SS_COMPAT);
     idx = X509_TRUST_get_by_id(id);
-    if (idx == -1)
+    if (idx < 0)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
     return pt->check_trust(pt, x, flags);
@@ -112,7 +112,7 @@ int X509_TRUST_get_by_id(int id)
 
 int X509_TRUST_set(int *t, int trust)
 {
-    if (X509_TRUST_get_by_id(trust) == -1) {
+    if (X509_TRUST_get_by_id(trust) < 0) {
         ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
         return 0;
     }
@@ -162,7 +162,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     trtmp->arg2 = arg2;
 
     /* If its a new entry manage the dynamic table */
-    if (idx == -1) {
+    if (idx < 0) {
         if (trtable == NULL
             && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
             ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
@@ -175,7 +175,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     }
     return 1;
  err:
-    if (idx == -1) {
+    if (idx < 0) {
         OPENSSL_free(trtmp->name);
         OPENSSL_free(trtmp);
     }