Fix an error check for EVP_PBE_CipherInit_ex()
authorTheo Buehler <tb@openbsd.org>
Wed, 1 Oct 2025 22:56:41 +0000 (00:56 +0200)
committerTomas Mraz <tomas@openssl.org>
Tue, 14 Oct 2025 14:59:49 +0000 (16:59 +0200)
As pointed out during the review for the recent security issue in this
file, this error check is incorrect: as documented, this function has
the usual Boolean return values.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28727)

(cherry picked from commit f0efd026f7d69da97ec8f3b05f05a322e98fb21f)
(cherry picked from commit 9dc4b2f493ff87c012610e395f38fd0c2ab612fd)

crypto/cms/cms_pwri.c

index 74530cb68e546da4497b2edf607b98ee2c290362..7c72307808ffc11561acbf560a5e9966d5dacbdc 100644 (file)
@@ -361,10 +361,10 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
 
     /* Finish password based key derivation to setup key in "ctx" */
 
-    if (EVP_PBE_CipherInit_ex(algtmp->algorithm,
-                              (char *)pwri->pass, pwri->passlen,
-                              algtmp->parameter, kekctx, en_de,
-                              cms_ctx->libctx, cms_ctx->propq) < 0) {
+    if (!EVP_PBE_CipherInit_ex(algtmp->algorithm,
+                               (char *)pwri->pass, (int)pwri->passlen,
+                               algtmp->parameter, kekctx, en_de,
+                               cms_ctx->libctx, cms_ctx->propq)) {
         ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
         goto err;
     }
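Review bot: The new `(int)pwri->passlen` cast on the second argument line silences the conversion without bounding the value. The declaration of `passlen` is not visible in this hunk, but if it is wider than `int` (as the need for a cast suggests), a length above `INT_MAX` would be truncated silently and the key derivation would run over a different password length than the caller supplied. A range check before the call would make that case fail closed, for example `if (pwri->passlen > INT_MAX) { ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_INVALID_ARGUMENT); goto err; }`. Negative values should stay untouched if callers depend on the "use strlen" convention for this parameter, which should be confirmed against the setter. The body of `ossl_cms_RecipientInfo_pwri_crypt` starts and ends outside this hunk, so an earlier validation of `passlen` may already exist; if it does, a short comment at the cast pointing to it would be enough.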