From: Matt Caswell <matt@openssl.org>
Date: Fri, 24 Jun 2022 10:01:22 +0000 (+0100)
Subject: The rsa_validate_keypair_multiprime() function return is not boolean
X-Git-Tag: openssl-3.2.0-alpha1~2474
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=518f1ee81d5a6910365ef404888d0e119a87fd81;p=thirdparty%2Fopenssl.git

The rsa_validate_keypair_multiprime() function return is not boolean

A -ve return value from this function indicates an error which we should
treat as a failure to validate.

Fixes #18538

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18651)
---

diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index 01fe9ead69b..8ab11668742 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -245,7 +245,7 @@ int ossl_rsa_validate_pairwise(const RSA *key)
 #ifdef FIPS_MODULE
     return ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
 #else
-    return rsa_validate_keypair_multiprime(key, NULL);
+    return rsa_validate_keypair_multiprime(key, NULL) > 0;
 #endif
 }