From: Jiasheng Jiang <jiasheng@purdue.edu>
Date: Fri, 22 Mar 2024 18:09:18 +0000 (+0000)
Subject: Alter the check
X-Git-Tag: openssl-3.4.0-alpha1~771
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e53a7ccd11c6aef965c50335187a473540819390;p=thirdparty%2Fopenssl.git

Alter the check

Alter the check since 0 md size is an error.

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23940)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index af8b637531c..fa78906376e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -297,7 +297,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
 
     if (md != NULL) {
         mdsize = EVP_MD_get_size(md);
-        if (mdsize < 0 || dlen != (size_t)mdsize) {
+        if (mdsize <= 0 || dlen != (size_t)mdsize) {
             ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
             return 0;
         }