When using EVP_PKEY_derive with a KDF set, a negative error from

ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>

When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>
8d02bebd · Matt Caswell · 31832e8f · 8d02bebd
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

crypto/ec/ec_pmeth.c crypto/ec/ec_pmeth.c +2 -2

未找到文件。
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	outlen = *keylen;
 		
 	ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
-	if (ret < 0)
-		return ret;
+	if (ret <= 0)
+		return 0;
 	*keylen = ret;
 	return 1;
 	}