mirror of
https://github.com/openssl/openssl.git
synced 2024-12-17 22:13:45 +08:00
rsa_cms_verify: Avoid negative return with missing pss parameters
Fixes #15984 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15985)
This commit is contained in:
parent
0a02c81f81
commit
643ce3108f
@ -222,7 +222,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
|
||||
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
|
||||
nid = OBJ_obj2nid(alg->algorithm);
|
||||
if (nid == EVP_PKEY_RSA_PSS)
|
||||
return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
|
||||
return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0;
|
||||
/* Only PSS allowed for PSS keys */
|
||||
if (EVP_PKEY_is_a(pkey, "RSA-PSS")) {
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||
|
Loading…
Reference in New Issue
Block a user