Fix incomplete check on CMS_SharedInfo_encode

CMS_SharedInfo_encode() can also return a negative error value, but this is not checked in the current check, only the zero error return value is covered. A previous PR [1] fixed the other caller's check of CMS_SharedInfo_encode in this file, but it seems like this place was missed. Fix it by changing the check to <= 0. [1] a752fc4 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #20181)
openssl · Feb 8, 2023 · ba06181 · ba06181
1 parent 650f047
commit ba06181
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
@@ -346,7 +346,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 
     penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
 
-    if (penclen == 0)
+    if (penclen <= 0)
         goto err;
 
     if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)