From: Dr. David von Oheimb Date: Wed, 1 Feb 2023 14:36:25 +0000 (+0100) Subject: ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0) X-Git-Tag: openssl-3.2.0-alpha1~1291 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f7dafe98b10ef54593df175b901654a0f9890a7;p=thirdparty%2Fopenssl.git ossl_cmp_msg_check_update(): fix two wrong error return values (-1 instead of 0) Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20190) --- diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 8bb4bf42ca3..8a44adc3b42 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -775,6 +775,11 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, CMP_R_RECIPNONCE_UNMATCHED)) return 0; + /* if not yet present, learn transactionID */ + if (ctx->transactionID == NULL + && !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) + return 0; + /* * RFC 4210 section 5.1.1 states: the recipNonce is copied from * the senderNonce of the previous message in the transaction. @@ -783,11 +788,6 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) return 0; - /* if not yet present, learn transactionID */ - if (ctx->transactionID == NULL - && !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) - return -1; - /* * Store any provided extraCerts in ctx for future use, * such that they are available to ctx->certConf_cb and @@ -798,7 +798,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, /* this allows self-signed certs */ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_PREPEND)) - return -1; + return 0; if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { /*