coding error in x509_vpm.c - param_cmp

[Curtis Villamizar]

Hi there openssl experts,

It appears as though callers expect param_cmp to return 1 on success
and zero otherwise.  strcmp returns zero if the two strings match.

See patch below in between the lines with 60 "-" character.

------------------------------------------------------------
--- crypto/x509/x509_vpm.c.orig	2015-07-09 07:57:15.000000000 -0400
+++ crypto/x509/x509_vpm.c	2015-09-21 14:58:52.191117000 -0400
@@ -591,7 +591,7 @@
 static int param_cmp(const X509_VERIFY_PARAM *const *a,
                      const X509_VERIFY_PARAM *const *b)
 {
-    return strcmp((*a)->name, (*b)->name);
+    return (0 == strcmp((*a)->name, (*b)->name));
 }
 
 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
------------------------------------------------------------

Hi there FreeBSDers,

I've added this locally as files/patch-crypto_x509_x509_vpm.c in
/usr/ports/security/openssl.  Please pick this up as a patch file in
the security/openssl port until fixed in openssl.

btw- I cc'd freebsd-ports in case anyone else runs into this and Cc'd
the port maintainer in case he doesn't read every message on that list
(very likely if he has a life and/or a job).

Curtis