]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a901b31)
Fix checking return code of EVP_PKEY_get_int_param at check_curve
authorPetr Mikhalicin <pmikhalicin@rutoken.ru>
Wed, 19 Apr 2023 11:43:02 +0000 (14:43 +0300)
committerTomas Mraz <tomas@openssl.org>
Fri, 21 Apr 2023 08:17:52 +0000 (10:17 +0200)
According to docs, EVP_PKEY_get_int_param should return 1 on Success, and
0 on Failure. So, fix checking of this return value at check_curve

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20770)

crypto/x509/x509_vfy.c patch | blob | blame | history

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index cc02c1ccc474476d55f6429addb113696fab958a..3c7b7a563a5ddea1d3b1dd38cfa52a460cd8bc8f 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3642,7 +3642,7 @@ static int check_curve(X509 *cert)
         EVP_PKEY_get_int_param(pkey,
                                OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
                                &val);
-    return ret < 0 ? ret : !val;
+    return ret == 1 ? !val : -1;
 }
 
 /*-
Mirror of https://github.com/openssl/openssl.git