root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() 

RAND_bytes_ex() can also return 0 on failure. Other callers do check
this correctly. Change the check from <0 to <=0.

Fixes: #20100

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20106)

(cherry picked from commit a2b01ae1c8)
This commit is contained in:
Niels Dossche 2023-01-21 13:34:34 +01:00 committed by Tomas Mraz
parent f45c6033ce
commit 846d5099f3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/ffc/ffc_params_generate.c
View File

@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
/* A.1.1.2 Step (5) : generate seed with size seed_len */
if (generate_seed
&& RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
&& RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0)
goto err;
/*
* A.1.1.2 Step (6) AND