s390x: fix ecx derive

Derivation via ecx-methods did not properly set the length.  Make the code
more similar to common code and set the length property.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19158)

(cherry picked from commit 3cca05cc194c0528865deea57d9e60ca3fb0e5d3)

diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index bd72006c849000c470c8a916a1ea7eeb4ff99fc9..4e32210bf43613bf5e789f751e141f538e92f202 100644 (file)
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -1160,12 +1160,10 @@ static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
 {
     const unsigned char *privkey, *pubkey;
 
-    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+        || (key != NULL
+            && s390x_x25519_mul(key, privkey, pubkey) == 0))
         return 0;
-
-    if (key != NULL)
-        return s390x_x25519_mul(key, pubkey, privkey);
-
     *keylen = X25519_KEYLEN;
     return 1;
 }
@@ -1175,12 +1173,10 @@ static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
 {
     const unsigned char *privkey, *pubkey;
 
-    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+        || (key != NULL
+            && s390x_x448_mul(key, pubkey, privkey) == 0))
         return 0;
-
-    if (key != NULL)
-        return s390x_x448_mul(key, pubkey, privkey);
-
     *keylen = X448_KEYLEN;
     return 1;
 }