[openssl/openssl] 276758: Fix incomplete checks for EVP_CIPHER_asn1_to_param

Niels Dossche noreply at github.com
Wed Jan 25 14:48:22 UTC 2023

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 27675857653f3344eeda17b2f2426f3fa0da9329
  Author: Niels Dossche <niels.dossche at ugent.be>
  Date:   2023-01-25 (Wed, 25 Jan 2023)

  Changed paths:
    M crypto/evp/evp_lib.c
    M crypto/evp/p5_crpt2.c
    M crypto/pkcs7/pk7_doit.c

  Log Message:
  Fix incomplete checks for EVP_CIPHER_asn1_to_param

EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.

Fixes: #20116

CLA: trivial

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)

(cherry picked from commit 114d99b46bfb212ffc510865df317ca2c1542623)

More information about the openssl-commits mailing list