From 9beffaf695b7ed5a7198496036b9aed87d598e51 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Tue, 23 Jun 2020 12:30:40 +1000 Subject: [PATCH] Fix CID-1464802 Improper use of negative value (It just needs to pass zero instead of -1). Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12237) --- crypto/dsa/dsa_gen.c | 2 +- crypto/ffc/ffc_params_generate.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 9d5e91de29..94b3da8754 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -63,7 +63,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits, return 0; } else { if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4, - bits, -1, cb)) + bits, 0, cb)) return 0; } diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index b3ab476f3f..325eb6768f 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -504,7 +504,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (params->mdname != NULL) { md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); } else { - if (N <= 0) + if (N == 0) N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; md = EVP_MD_fetch(libctx, default_mdname(N), NULL); } @@ -514,7 +514,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (mdsize <= 0) goto err; - if (N <= 0) + if (N == 0) N = mdsize * 8; qsize = N >> 3; @@ -790,13 +790,13 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (params->mdname != NULL) { md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); } else { - if (N <= 0) + if (N == 0) N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; md = EVP_MD_fetch(libctx, default_mdname(N), NULL); } if (md == NULL) goto err; - if (N <= 0) + if (N == 0) N = EVP_MD_size(md) * 8; qsize = N >> 3; -- 2.34.1