From 2a0d76cf63126dadd70bb6541a509360d0cabbaf Mon Sep 17 00:00:00 2001 From: Zackery Backman Date: Tue, 7 Apr 2026 13:00:09 -0600 Subject: [PATCH] Fix DH encoding check in wolfSSL_CTX_set_tmp_dh: && to || and < to <= to catch single-param failure and zero-length, matching wolfSSL_set_tmp_dh. --- src/ssl_load.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 33c490b7c7..74a5a5b6a2 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5864,7 +5864,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) pSz = wolfSSL_BN_bn2bin(dh->p, p); gSz = wolfSSL_BN_bn2bin(dh->g, g); /* Check encoding worked. */ - if ((pSz < 0) && (gSz < 0)) { + if ((pSz <= 0) || (gSz <= 0)) { ret = WOLFSSL_FATAL_ERROR; } }