Fix incomplete check on CMS_SharedInfo_encode

CMS_SharedInfo_encode() can also return a negative error value, but this is not checked in the current check, only the zero error return value is covered. A previous PR [1] fixed the other caller's check of CMS_SharedInfo_encode in this file, but it seems like this place was missed. Fix it by changing the check to <= 0. [1] https://github.com/openssl/openssl/pull/12628/commits/a752fc4da5e1dfd5b3a730d95272c2e2b0c48f1a CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20181) (cherry picked from commit ba061818e9d76f332e8914dfe9168577b2378dde)
author: ndossche <niels.dossche@ugent.be> 2023-01-31 16:30:26 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-02-08 16:58:38 +0100
commit: a5a3532ab0e330351861bb2e00619ec455f3d414 (patch)
tree: 81e6be3e5b162aac56c65d01fe95df506c18b4f3
parent: b887310c59baf223b860d73bd01c63f888e5fc3f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index 709fff496f..9776c7895c 100644
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -346,7 +346,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 
     penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
 
-    if (penclen == 0)
+    if (penclen <= 0)
         goto err;
 
     if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
author	ndossche <niels.dossche@ugent.be>	2023-01-31 16:30:26 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-02-08 16:58:38 +0100
commit	a5a3532ab0e330351861bb2e00619ec455f3d414 (patch)
tree	81e6be3e5b162aac56c65d01fe95df506c18b4f3
parent	b887310c59baf223b860d73bd01c63f888e5fc3f (diff)