Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()

RAND_bytes_ex() can also return 0 on failure. Other callers do check this correctly. Change the check from <0 to <=0. Fixes: #20100 CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #20106) (cherry picked from commit a2b01ae)
openssl · Jan 23, 2023 · c167983 · c167983
1 parent f9abf58
commit c167983
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
@@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
 
         /* A.1.1.2 Step (5) : generate seed with size seed_len */
         if (generate_seed
-                && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
+                && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0)
             goto err;
         /*
          * A.1.1.2 Step (6) AND