From 4e5f3d691343a691ddae739c51f7ae71e9893c98 Mon Sep 17 00:00:00 2001
From: Petr Mikhalicin <pmikhalicin@rutoken.ru>
Date: Wed, 19 Apr 2023 14:43:02 +0300
Subject: [PATCH] Fix checking return code of EVP_PKEY_get_int_param at
 check_curve

According to docs, EVP_PKEY_get_int_param should return 1 on Success, and
0 on Failure. So, fix checking of this return value at check_curve

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20770)
---
 crypto/x509/x509_vfy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index cc02c1ccc4..3c7b7a563a 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3642,7 +3642,7 @@ static int check_curve(X509 *cert)
         EVP_PKEY_get_int_param(pkey,
                                OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
                                &val);
-    return ret < 0 ? ret : !val;
+    return ret == 1 ? !val : -1;
 }
 
 /*-