From: ndossche <niels.dossche@ugent.be>
Date: Thu, 2 Feb 2023 15:11:16 +0000 (+0100)
Subject: Fix incomplete error check on BIO_set_md()
X-Git-Tag: openssl-3.2.0-alpha1~1300
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abf654645dee168b229f3fa6a365f6a8e4dd7c31;p=thirdparty%2Fopenssl.git

Fix incomplete error check on BIO_set_md()

BIO_set_md() can return an error value <= 0 according to my analysis
tool and the documentation. But only an error value == 0 is currently
checked. Fix it by changing the check condition.

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20195)
---

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index a9e659b23dd..b5a4b315a3a 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -437,7 +437,7 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
     (void)ERR_pop_to_mark();
 
     mdbio = BIO_new(BIO_f_md());
-    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+    if (mdbio == NULL || BIO_set_md(mdbio, digest) <= 0) {
         ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
         goto err;
     }