projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 31832e8)
When using EVP_PKEY_derive with a KDF set, a negative error from
authorMatt Caswell <matt@openssl.org>
Wed, 19 Nov 2014 20:09:19 +0000 (20:09 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 20 Nov 2014 15:20:37 +0000 (15:20 +0000)
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
crypto/ec/ec_pmeth.c patch | blob | history

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 81ad4d499a1276651d4d66e8e4cced8d84d98b3f..e66e6908274c9a6680096f160852848b22661dda 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
        outlen = *keylen;
                
        ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
        outlen = *keylen;
                
        ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
-       if (ret < 0)
-               return ret;
+       if (ret <= 0)
+               return 0;
        *keylen = ret;
        return 1;
        }
        *keylen = ret;
        return 1;
        }
Unnamed repository; edit this file 'description' to name the repository.