Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18397)
author: Peiwei Hu <jlu.hpw@foxmail.com> 2022-05-24 16:57:53 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-05-27 07:57:43 +0200
commit: 8d9fec1781751d2106d899c6076eeb3da6930bfe (patch)
tree: deec4da4593daac6aecf5cf605efaf1fd936a73b /providers
parent: Fix the defective check of EVP_PKEY_get_params (diff)
download: openssl-8d9fec1781751d2106d899c6076eeb3da6930bfe.tar.xz
openssl-8d9fec1781751d2106d899c6076eeb3da6930bfe.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index bf4d9324fe..0ad59734f8 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -359,8 +359,10 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
     klen = EVP_CIPHER_CTX_get_key_length(ctx);
     if (key_len != (size_t)klen) {
         ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len);
-        if (!ret)
+        if (ret <= 0) {
+            ret = 0;
             goto out;
+        }
     }
     /* we never want padding, either the length requested is a multiple of
      * the cipher block size or we are passed a cipher that can cope with
author	Peiwei Hu <jlu.hpw@foxmail.com>	2022-05-24 16:57:53 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-05-27 07:57:43 +0200
commit	8d9fec1781751d2106d899c6076eeb3da6930bfe (patch)
tree	deec4da4593daac6aecf5cf605efaf1fd936a73b /providers
parent	Fix the defective check of EVP_PKEY_get_params (diff)
download	openssl-8d9fec1781751d2106d899c6076eeb3da6930bfe.tar.xz openssl-8d9fec1781751d2106d899c6076eeb3da6930bfe.zip