From 2e383ef856e35a2061ffeb4ff644f1a364b4c7e0 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Wed, 25 Feb 2026 19:06:58 +0100
Subject: [PATCH] Fix i2d_ASN1_TYPE() error check

The OpenSSL docs / LibreSSL docs are slightly misleading wrt the error
return values. 0 is also an error value.
This can be proven by looking at the call chain:
`i2d_ASN1_TYPE -> ASN1_item_i2d -> asn1_item_flags_i2d -> ASN1_item_ex_i2d`
and noticing that ASN1_item_ex_i2d can return 0 on error.
---
 ext/openssl/ossl_asn1.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 71a87f046..eb679568b 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1170,7 +1170,7 @@ ossl_asn1prim_to_der(VALUE self)
 
     asn1 = ossl_asn1_get_asn1type(self);
     alllen = i2d_ASN1_TYPE(asn1, NULL);
-    if (alllen < 0) {
+    if (alllen <= 0) {
         ASN1_TYPE_free(asn1);
         ossl_raise(eASN1Error, "i2d_ASN1_TYPE");
     }
@@ -1180,7 +1180,7 @@ ossl_asn1prim_to_der(VALUE self)
         rb_jump_tag(state);
     }
     p0 = p1 = (unsigned char *)RSTRING_PTR(str);
-    if (i2d_ASN1_TYPE(asn1, &p0) < 0) {
+    if (i2d_ASN1_TYPE(asn1, &p0) <= 0) {
         ASN1_TYPE_free(asn1);
         ossl_raise(eASN1Error, "i2d_ASN1_TYPE");
     }