Check error return from cms_sd_asn1_ctrl() correctly.

Fixes #21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21988)
2023-09-07 09:27:37 +10:00 · 2023-09-07 09:27:37 +10:00 · 00a413e248
parent 769e47ecdd
commit 00a413e248
1 changed files with 3 additions and 3 deletions
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -262,13 +262,13 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
    int i;

    if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
-        return cms_generic_sign(si, cmd);
+        return cms_generic_sign(si, cmd) > 0;
    else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
-        return ossl_cms_rsa_sign(si, cmd);
+        return ossl_cms_rsa_sign(si, cmd) > 0;

    /* Now give engines, providers, etc a chance to handle this */
    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
-        return cms_generic_sign(si, cmd);
+        return cms_generic_sign(si, cmd) > 0;
    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
    if (i == -2) {
        ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);