Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()

RAND_bytes_ex() can also return 0 on failure. Other callers do check this correctly. Change the check from <0 to <=0. Fixes: #20100 CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20106) (cherry picked from commit a2b01ae1c84ccc250d5d5cb5f2f8714573e3f11b)
author: Niels Dossche <niels.dossche@ugent.be> 2023-01-21 13:34:34 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-01-23 10:41:02 +0100
commit: c167983269efea389583838c4e291717071840ff (patch)
tree: 1c0e1bc2a93e4f8cd04c217de483e3f77096a95a /crypto
parent: f9abf5877474e75310ee1fecfe9f0735ceccf65a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 299e58a8e2..ee11d048a7 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
 
         /* A.1.1.2 Step (5) : generate seed with size seed_len */
         if (generate_seed
-                && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
+                && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0)
             goto err;
         /*
          * A.1.1.2 Step (6) AND
author	Niels Dossche <niels.dossche@ugent.be>	2023-01-21 13:34:34 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-01-23 10:41:02 +0100
commit	c167983269efea389583838c4e291717071840ff (patch)
tree	1c0e1bc2a93e4f8cd04c217de483e3f77096a95a /crypto
parent	f9abf5877474e75310ee1fecfe9f0735ceccf65a (diff)