Fix incomplete error check on RSA_public_decrypt()

According to the documentation and my analysis tool RSA_public_decrypt() can return -1 on error, but this is not checked. Fix it by changing the error condition. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20250)
author: ndossche <niels.dossche@ugent.be> 2023-02-09 09:49:47 +0100
committer: Pauli <pauli@openssl.org> 2023-02-28 14:36:15 +1100
commit: 8195e59986031f6f33e2569551d771904433fa04 (patch)
tree: 8719b3b594abdace9bebafc783c1ce6fffbcfef2 /providers
parent: 5df5032ab02d7a17e07435de777d730bae190253 (diff)
download: openssl-new-8195e59986031f6f33e2569551d771904433fa04.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 7463efbc0f..e0faf1c1ad 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -838,7 +838,7 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
             return 0;
         rslen = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
                                    prsactx->pad_mode);
-        if (rslen == 0) {
+        if (rslen <= 0) {
             ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
             return 0;
         }
author	ndossche <niels.dossche@ugent.be>	2023-02-09 09:49:47 +0100
committer	Pauli <pauli@openssl.org>	2023-02-28 14:36:15 +1100
commit	8195e59986031f6f33e2569551d771904433fa04 (patch)
tree	8719b3b594abdace9bebafc783c1ce6fffbcfef2 /providers
parent	5df5032ab02d7a17e07435de777d730bae190253 (diff)
download	openssl-new-8195e59986031f6f33e2569551d771904433fa04.tar.gz