diff options
author | ndossche <niels.dossche@ugent.be> | 2023-01-27 15:43:42 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-01-31 11:06:56 +1100 |
commit | f526461da3be0f39190fd5dbe3dd914dab81cf83 (patch) | |
tree | ecf8bd2aa55e2fffcd1ef0994f67b5e225d92fe4 /crypto | |
parent | f006e27ff02cd2303a2520ef73c53470490edbc3 (diff) |
Fix incomplete check on X509V3_add1_i2d()
X509V3_add1_i2d() can return both -1 and 0 as an error code. This check
only checked for 0. Change it into <= 0 to also catch the -1 error code.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20157)
(cherry picked from commit ecd445464a73bb3f125327a604dd13ad16303ebc)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ocsp/ocsp_ext.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index c2b61bd4f2..753b30ce47 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -268,8 +268,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, memcpy(tmpval, val, len); else if (RAND_bytes(tmpval, len) <= 0) goto err; - if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, - &os, 0, X509V3_ADD_REPLACE)) + if (X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, + &os, 0, X509V3_ADD_REPLACE) <= 0) goto err; ret = 1; err: |