From: Shakti Shah <shaktishah33@gmail.com>
Date: Mon, 25 Nov 2024 15:16:45 +0000 (+0530)
Subject: dh_cms_set_peerkey(): Fix the incorrect condition
X-Git-Tag: openssl-3.0.16~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09cb64cb73f4304ee9c181eb99ad41b9556c03f4;p=thirdparty%2Fopenssl.git

dh_cms_set_peerkey(): Fix the incorrect condition

Only absent parameters allowed in RFC 3370.

Fixes #25824

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26058)

(cherry picked from commit 02e72ccffacf2d01295810798ca1c86a438ee712)
---

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 2f54ed2673a..3f931d6e6fe 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -34,7 +34,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
         goto err;
     /* Only absent parameters allowed in RFC XXXX */
-    if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+    if (atype != V_ASN1_UNDEF && atype != V_ASN1_NULL)
         goto err;
 
     pk = EVP_PKEY_CTX_get0_pkey(pctx);