Fix CID-1464802

Improper use of negative value (It just needs to pass zero instead of -1). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12237)
2025-03-19 19:50:42 +08:00 · 2020-06-23 12:30:40 +10:00 · 2020-06-23 12:30:40 +10:00 · 9beffaf695
commit 9beffaf695
parent 2c9ba46c90
2 changed files with 5 additions and 5 deletions
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@ -63,7 +63,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
            return 0;
    } else {
        if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4,
-                                         bits, -1, cb))
+                                         bits, 0, cb))
            return 0;
    }

--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@ -504,7 +504,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
    if (params->mdname != NULL) {
        md = EVP_MD_fetch(libctx, params->mdname, params->mdprops);
    } else {
-        if (N <= 0)
+        if (N == 0)
            N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8;
        md = EVP_MD_fetch(libctx, default_mdname(N), NULL);
    }
@ -514,7 +514,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
    if (mdsize <= 0)
        goto err;

-    if (N <= 0)
+    if (N == 0)
        N = mdsize * 8;
    qsize = N >> 3;

@ -790,13 +790,13 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
    if (params->mdname != NULL) {
        md = EVP_MD_fetch(libctx, params->mdname, params->mdprops);
    } else {
-        if (N <= 0)
+        if (N == 0)
            N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8;
        md = EVP_MD_fetch(libctx, default_mdname(N), NULL);
    }
    if (md == NULL)
        goto err;
-    if (N <= 0)
+    if (N == 0)
        N = EVP_MD_size(md) * 8;
    qsize = N >> 3;