diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-07-27 14:29:46 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-07-27 14:29:46 +0000 |
| commit | 556cb5012e7fac3be7de5359b8eaaeb2517f4dd2 (patch) | |
| tree | 2541eb9fd13197a8ae96a2db6d1e057450700f4f /usr.sbin | |
| parent | a4e7dd077217e559c5dea262ad22516c4c66e84c (diff) | |
Fix return value check for openssl API. Do not return success if pkey is NULL.
Feedback and ok cladio@
ok patrick@, tb@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/rpki-client/cert.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index cdb8da757a2..371d6c8cf2e 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.15 2020/04/02 09:16:43 claudio Exp $ */ +/* $OpenBSD: cert.c,v 1.16 2020/07/27 14:29:45 tobhe Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -1128,7 +1128,7 @@ ta_parse(X509 **xp, const char *fn, const unsigned char *pkey, size_t pkeysz) if ((opk = X509_get_pubkey(*xp)) == NULL) cryptowarnx("%s: RFC 6487 (trust anchor): " "missing pubkey", fn); - else if (!EVP_PKEY_cmp(pk, opk)) + else if (EVP_PKEY_cmp(pk, opk) != 1) cryptowarnx("%s: RFC 6487 (trust anchor): " "pubkey does not match TAL pubkey", fn); else @@ -1136,8 +1136,7 @@ ta_parse(X509 **xp, const char *fn, const unsigned char *pkey, size_t pkeysz) EVP_PKEY_free(pk); EVP_PKEY_free(opk); - } else - rc = 1; + } if (rc == 0) { cert_free(p); |