x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17709)
2025-01-18 13:44:20 +08:00 · 2022-02-16 10:41:58 +11:00 · 2022-02-16 10:41:58 +11:00 · 7b3041eba1
commit 7b3041eba1
parent 09dca55733
1 changed files with 4 additions and 4 deletions
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@ -72,7 +72,7 @@ int X509_check_trust(X509 *x, int id, int flags)
        return obj_trust(NID_anyExtendedKeyUsage, x,
                         flags | X509_TRUST_DO_SS_COMPAT);
    idx = X509_TRUST_get_by_id(id);
-    if (idx == -1)
+    if (idx < 0)
        return default_trust(id, x, flags);
    pt = X509_TRUST_get0(idx);
    return pt->check_trust(pt, x, flags);
@ -112,7 +112,7 @@ int X509_TRUST_get_by_id(int id)

 int X509_TRUST_set(int *t, int trust)
 {
-    if (X509_TRUST_get_by_id(trust) == -1) {
+    if (X509_TRUST_get_by_id(trust) < 0) {
        ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
        return 0;
    }
@ -162,7 +162,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
    trtmp->arg2 = arg2;

    /* If its a new entry manage the dynamic table */
-    if (idx == -1) {
+    if (idx < 0) {
        if (trtable == NULL
            && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
            ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
@ -175,7 +175,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
    }
    return 1;
 err:
-    if (idx == -1) {
+    if (idx < 0) {
        OPENSSL_free(trtmp->name);
        OPENSSL_free(trtmp);
    }