From acd6338ff0afa31730a0cff62d993a8ebc63db5c Mon Sep 17 00:00:00 2001
From: Peiwei Hu <jlu.hpw@foxmail.com>
Date: Tue, 24 May 2022 22:57:53 +0800
Subject: Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)

(cherry picked from commit 8d9fec1781751d2106d899c6076eeb3da6930bfe)
---
 providers/implementations/kdfs/krb5kdf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'providers')

diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 2c887f0eb9..4000703ca9 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -336,8 +336,10 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
     klen = EVP_CIPHER_CTX_get_key_length(ctx);
     if (key_len != (size_t)klen) {
         ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len);
-        if (!ret)
+        if (ret <= 0) {
+            ret = 0;
             goto out;
+        }
     }
     /* we never want padding, either the length requested is a multiple of
      * the cipher block size or we are passed a cipher that can cope with
-- 
cgit v1.2.3