When using EVP_PKEY_derive with a KDF set, a negative error from

ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 8d02bebddf)
2014-11-19 20:09:19 +00:00 · 2014-11-19 20:09:19 +00:00 · 6f71d7da64
commit 6f71d7da64
parent 0b9e82763f
1 changed files with 2 additions and 2 deletions
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	outlen = *keylen;
 		
 	ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
-	if (ret < 0)
-		return ret;
+	if (ret <= 0)
+		return 0;
 	*keylen = ret;
 	return 1;
 	}