Fix incomplete error check on BIO_set_md()

BIO_set_md() can return an error value <= 0 according to my analysis tool and the documentation. But only an error value == 0 is currently checked. Fix it by changing the check condition. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #20195) (cherry picked from commit abf6546)
openssl · Feb 8, 2023 · 9b77bd9 · 9b77bd9
1 parent e80518d
commit 9b77bd9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
@@ -431,7 +431,7 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
     (void)ERR_pop_to_mark();
 
     mdbio = BIO_new(BIO_f_md());
-    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+    if (mdbio == NULL || BIO_set_md(mdbio, digest) <= 0) {
         ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
         goto err;
     }