From: Petr Mikhalicin <pmikhalicin@rutoken.ru>
Date: Wed, 19 Apr 2023 11:43:02 +0000 (+0300)
Subject: Fix checking return code of EVP_PKEY_get_int_param at check_curve
X-Git-Tag: openssl-3.1.1~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=247a07f5bc9e5187edd1229535fd56181b7960ee;p=thirdparty%2Fopenssl.git

Fix checking return code of EVP_PKEY_get_int_param at check_curve

According to docs, EVP_PKEY_get_int_param should return 1 on Success, and
0 on Failure. So, fix checking of this return value at check_curve

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20770)

(cherry picked from commit 4e5f3d691343a691ddae739c51f7ae71e9893c98)
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index a0282c3ef12..b6e9ee2c45e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3421,7 +3421,7 @@ static int check_curve(X509 *cert)
         ret = EVP_PKEY_get_int_param(pkey,
                                      OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
                                      &val);
-        return ret < 0 ? ret : !val;
+        return ret == 1 ? !val : -1;
     }
 
     return 1;