From: PW Hu <jlu.hpw@foxmail.com>
Date: Tue, 9 Nov 2021 16:25:47 +0000 (+0800)
Subject: Return -1 properly from do_X509_REQ_verify and do_X509_verify
X-Git-Tag: openssl-3.2.0-alpha1~3274
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc42cf51c8b2a22282bb3cdf6303e230dc7b7873;p=thirdparty%2Fopenssl.git

Return -1 properly from do_X509_REQ_verify and do_X509_verify

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17001)
---

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 7e3f95b75a3..6f697ab481b 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2322,23 +2322,35 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
     return rv;
 }
 
+/*
+ * do_X509_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts)
 {
     int rv = 0;
 
     if (do_x509_init(x, vfyopts) > 0)
-        rv = (X509_verify(x, pkey) > 0);
+        rv = X509_verify(x, pkey);
+    else
+        rv = -1;
     return rv;
 }
 
+/*
+ * do_X509_REQ_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
                        STACK_OF(OPENSSL_STRING) *vfyopts)
 {
     int rv = 0;
 
     if (do_x509_req_init(x, vfyopts) > 0)
-        rv = (X509_REQ_verify_ex(x, pkey,
-                                 app_get0_libctx(), app_get0_propq()) > 0);
+        rv = X509_REQ_verify_ex(x, pkey,
+                                 app_get0_libctx(), app_get0_propq());
+    else
+        rv = -1;
     return rv;
 }