diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-07-02 15:29:13 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-07-06 10:08:08 +1000 |
commit | 643ce3108f88751c44348335bed91e475d50677d (patch) | |
tree | 3e839e26e3ccbbaaf26ee7cc02e590f37b3c9f92 | |
parent | 0a02c81f8173e0c5d554bd16daa68b7594f4cbd8 (diff) |
rsa_cms_verify: Avoid negative return with missing pss parameters
Fixes #15984
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)
-rw-r--r-- | crypto/cms/cms_rsa.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index b9e895aed4..20ed816918 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -222,7 +222,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si) CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); nid = OBJ_obj2nid(alg->algorithm); if (nid == EVP_PKEY_RSA_PSS) - return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0; /* Only PSS allowed for PSS keys */ if (EVP_PKEY_is_a(pkey, "RSA-PSS")) { ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); |