From 0f244620acaf6129647bce002762533e9e66dd94 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 15 Jun 2023 12:44:17 +0000
Subject: Fix a logic error in ASN1_item_sign_ctx()

If the item_sign() ASN.1 method returns 1, it supposedly handles everything and the goto err prior to r1.5 was actually a success path. Go figure.

This is fortunately inconsequential since there are only two item_sign() methods, one for RSA and one for Ed25519, neither of which can return 1. They only return 0, 2, and 3.

Pointed out by and ok jsing
---
 src/lib/libcrypto/asn1/asn1_item.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c
index 1bdb743a95..d87a27b535 100644
--- a/src/lib/libcrypto/asn1/asn1_item.c
+++ b/src/lib/libcrypto/asn1/asn1_item.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.7 2023/06/13 23:31:53 tb Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.8 2023/06/15 12:44:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -251,18 +251,20 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	if (pkey->ameth->item_sign) {
 		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
 		    signature);
-		if (rv == 1)
-			out_len = signature->length;
+		if (rv == 1) {
+			buf_out_len = signature->length;
+			goto done;
+		}
 		/* Return value meanings:
 		 * <=0: error.
 		 * 1: method does everything.
 		 * 2: carry on as normal.
 		 * 3: ASN1 method sets algorithm identifiers: just sign.
 		 */
-		if (rv <= 0)
+		if (rv <= 0) {
 			ASN1error(ERR_R_EVP_LIB);
-		if (rv <= 1)
 			goto err;
+		}
 	}
 
 	if (rv == 2) {
@@ -322,6 +324,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 		goto err;
 	}
 
+done:
 	ret = (int)buf_out_len;
 err:
 	EVP_MD_CTX_cleanup(ctx);
-- 
cgit v1.2.3-55-g6feb
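Review bot: The "Return value meanings" comment in the item_sign hunk now sits below the first branch that dispatches on rv (`if (rv == 1) {`), so a reader meets the `goto done` success path before the contract that explains why 1 is a success; moving the comment block up to just before `if (rv == 1) {` keeps the explanation ahead of both checks. The new rv == 1 path also takes `signature->length` on trust from the method and hands it straight to `ret = (int)buf_out_len;` under the new `done:` label, without the sign or range check the normal path presumably applies before that cast — since the commit message states no current method returns 1, a one-line reminder such as `/* rv == 1: method filled signature itself; length is not re-validated here */` above the assignment would document that assumption for whoever adds a third item_sign() method. ASN1_item_sign_ctx's body begins and ends outside both hunks, so whether anything between the rv == 2 block and `done:` (e.g. buffer release) is now skipped on the rv == 1 path cannot be confirmed from the diff alone and is worth checking.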