From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 2 Jul 2021 13:29:13 +0000 (+0200)
Subject: rsa_cms_verify: Avoid negative return with missing pss parameters
X-Git-Tag: openssl-3.0.0-beta2~117
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=643ce3108f88751c44348335bed91e475d50677d;p=thirdparty%2Fopenssl.git

rsa_cms_verify: Avoid negative return with missing pss parameters

Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)
---

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index b9e895aed4f..20ed8169183 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -222,7 +222,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     nid = OBJ_obj2nid(alg->algorithm);
     if (nid == EVP_PKEY_RSA_PSS)
-        return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+        return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0;
     /* Only PSS allowed for PSS keys */
     if (EVP_PKEY_is_a(pkey, "RSA-PSS")) {
         ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);