[openssl] openssl-3.0 update

Dr. Paul Dale pauli at openssl.org
Mon Feb 21 00:43:19 UTC 2022 

The branch openssl-3.0 has been updated
       via  5675a5aaf6a2e489022bcfc18330dae9263e598e (commit)
      from  eee4287febb296afae3de9e21c5d9cbae14a9802 (commit)


- Log -----------------------------------------------------------------
commit 5675a5aaf6a2e489022bcfc18330dae9263e598e
Author: Pauli <pauli at openssl.org>
Date:   Wed Feb 16 10:41:58 2022 +1100

    x509: handle returns from X509_TRUST_get_by_id() more consistently
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/17709)
    
    (cherry picked from commit 7b3041eba1c6e177eede0d6311d53a6b9ff58051)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_trust.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index 0888e16c15..fa30c738a7 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -72,7 +72,7 @@ int X509_check_trust(X509 *x, int id, int flags)
         return obj_trust(NID_anyExtendedKeyUsage, x,
                          flags | X509_TRUST_DO_SS_COMPAT);
     idx = X509_TRUST_get_by_id(id);
-    if (idx == -1)
+    if (idx < 0)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
     return pt->check_trust(pt, x, flags);
@@ -112,7 +112,7 @@ int X509_TRUST_get_by_id(int id)
 
 int X509_TRUST_set(int *t, int trust)
 {
-    if (X509_TRUST_get_by_id(trust) == -1) {
+    if (X509_TRUST_get_by_id(trust) < 0) {
         ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
         return 0;
     }
@@ -162,7 +162,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     trtmp->arg2 = arg2;
 
     /* If its a new entry manage the dynamic table */
-    if (idx == -1) {
+    if (idx < 0) {
         if (trtable == NULL
             && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
             ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
@@ -175,7 +175,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     }
     return 1;
  err:
-    if (idx == -1) {
+    if (idx < 0) {
         OPENSSL_free(trtmp->name);
         OPENSSL_free(trtmp);
     }

More information about the openssl-commits mailing list