root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Make error checks on RSA_public_decrypt() consistent 

Some are only checking for a value < 0, some for <= 0, some for == 0, etc.
The documentation tells us that -1 is returned on error, so at least the
== 0 ones are wrong. In general, the return values are checked
inconsistently. This patch makes the return value checks consistent to
the form that seems to occur most.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28306)

(cherry picked from commit 3e2f54a718)
This commit is contained in:
Niels Dossche 2025-08-19 22:56:38 +02:00 committed by Tomas Mraz
parent f0c9ea7843
commit 9e8eaa2cfc
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/rsa/rsa_pmeth.c
View File

@ -221,7 +221,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
return -1; return -1;
ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
RSA_X931_PADDING); RSA_X931_PADDING);
if (ret < 1) if (ret <= 0)
return 0; return 0;
ret--; ret--;
if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) { if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) {
@ -248,7 +248,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
} else { } else {
ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode); ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
} }
if (ret < 0) if (ret <= 0)
return ret; return ret;
*routlen = ret; *routlen = ret;
return 1; return 1;
@ -300,7 +300,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
return -1; return -1;
rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
rsa, rctx->pad_mode); rsa, rctx->pad_mode);
if (rslen == 0) if (rslen <= 0)
return 0; return 0;
} }

4
providers/implementations/signature/rsa_sig.c
View File

@ -718,7 +718,7 @@ static int rsa_verify_recover(void *vprsactx,
return 0; return 0;
ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
RSA_X931_PADDING); RSA_X931_PADDING);
if (ret < 1) { if (ret <= 0) {
ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
return 0; return 0;
} }
@ -768,7 +768,7 @@ static int rsa_verify_recover(void *vprsactx,
} else { } else {
ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa, ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa,
prsactx->pad_mode); prsactx->pad_mode);
if (ret < 0) { if (ret <= 0) {
ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
return 0; return 0;
} }