- if (eckey->meth->compute_key != NULL)
- return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
- ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
- return 0;
+ unsigned char *sec = NULL;
+ size_t seclen;
+ if (eckey->meth->compute_key == NULL) {
+ ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+ return 0;
+ }
+ if (outlen > INT_MAX) {
+ ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+ return 0;
+ }
+ if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+ return 0;
+ if (KDF != NULL) {
+ KDF(sec, seclen, out, &outlen);
+ } else {
+ if (outlen > seclen)
+ outlen = seclen;
+ memcpy(out, sec, outlen);
+ }
+ OPENSSL_clear_free(sec, seclen);
+ return outlen;