From c4077c3e41e087bd104d10f3e152c459e03e1905 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Sun, 19 Apr 2026 10:34:30 +0200
Subject: [PATCH] pkey: fix error check of i2d_DHparams()

The first call correcly checks for a value <=0, the second call does
not.
According to LibreSSL docs [1] the error is <=0.
For OpenSSL, we refer to [2] which refers to [3] only states that a
value <0 returns an error, but this appears to be a docs inconsistency
that does not match reality.
Fix this inconsistency for LibreSSL by using the same check.

[1] https://man.openbsd.org/d2i_DHparams.3
[2] https://manpages.debian.org/stretch/libssl-doc/i2d_DHparams.3ssl.en.html
[3] https://manpages.debian.org/stretch/libssl-doc/d2i_X509.3ssl.en.html
---
 ext/openssl/ossl_pkey_dh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 3f2975c5a..5a8c43579 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -286,7 +286,7 @@ ossl_dh_to_der(VALUE self)
         ossl_raise(ePKeyError, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
-    if(i2d_DHparams(dh, &p) < 0)
+    if(i2d_DHparams(dh, &p) <= 0)
         ossl_raise(ePKeyError, NULL);
     ossl_str_adjust(str, p);