Fix incomplete check on EVP_CIPHER_param_to_asn1()

That function is a wrapper around evp_cipher_param_to_asn1_ex() which can return 0 as an error value via its ret <= 0 check [1]. Furthermore, all other callers of this function check against <= 0 instead of < 0 and this is also in line with what the documentation tells us. Fix the incomplete check by changing it to <= 0 as well. CLA: trivial [1] https://github.com/openssl/openssl/blob/114d99b46bfb212ffc510865df317ca2c1542623/crypto/evp/evp_lib.c#L164-L165 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #20180)
openssl · Feb 1, 2023 · e366371 · e366371
1 parent aa2d7e0
commit e366371
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
@@ -331,7 +331,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 if (xalg->parameter == NULL)
                     goto err;
             }
-            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
                 goto err;
         }