Fix incomplete checks for EVP_CIPHER_asn1_to_param

EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and a value greater than 0 in case of success. Two callsites only check for < 0 instead of <= 0. The other callsites perform this check correctly. Change the two callsites to <= 0. Additionally correctly handle a zero return value from EVP_CIPHER_get_asn1_iv as success. Fixes: #20116 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/201213)
author: Niels Dossche <niels.dossche@ugent.be> 2023-01-23 17:16:34 +0100
committer: Matt Caswell <matt@openssl.org> 2023-01-25 14:27:14 +0000
commit: 114d99b46bfb212ffc510865df317ca2c1542623 (patch)
tree: a13f6db35e8b07fde61009db2afa082186f3706c /crypto/pkcs7
parent: e95d6e1eec2f080713aa91c12e411cea4cffee65 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 8a46ab471d..523ef6689f 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -589,7 +589,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         BIO_get_cipher_ctx(etmp, &evp_ctx);
         if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
             goto err;
-        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
             goto err;
         /* Generate random key as MMA defence */
         len = EVP_CIPHER_CTX_get_key_length(evp_ctx);
author	Niels Dossche <niels.dossche@ugent.be>	2023-01-23 17:16:34 +0100
committer	Matt Caswell <matt@openssl.org>	2023-01-25 14:27:14 +0000
commit	114d99b46bfb212ffc510865df317ca2c1542623 (patch)
tree	a13f6db35e8b07fde61009db2afa082186f3706c /crypto/pkcs7
parent	e95d6e1eec2f080713aa91c12e411cea4cffee65 (diff)