Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()

RAND_bytes_ex() can also return 0 on failure. Other callers do check this correctly. Change the check from <0 to <=0. Fixes: #20100 CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20106)
author: Niels Dossche <niels.dossche@ugent.be> 2023-01-21 13:34:34 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-01-23 10:40:26 +0100
commit: a2b01ae1c84ccc250d5d5cb5f2f8714573e3f11b (patch)
tree: 7d9a3ca73d72378052f1eb707b168197c5bcf398 /crypto/ffc
parent: 1d857945324810f43a302c9d062c617207093387 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 101fd76b83..a369370145 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
 
         /* A.1.1.2 Step (5) : generate seed with size seed_len */
         if (generate_seed
-                && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
+                && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0)
             goto err;
         /*
          * A.1.1.2 Step (6) AND
author	Niels Dossche <niels.dossche@ugent.be>	2023-01-21 13:34:34 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-01-23 10:40:26 +0100
commit	a2b01ae1c84ccc250d5d5cb5f2f8714573e3f11b (patch)
tree	7d9a3ca73d72378052f1eb707b168197c5bcf398 /crypto/ffc
parent	1d857945324810f43a302c9d062c617207093387 (diff)