generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

When using EVP_PKEY_derive with a KDF set, a negative error from

Browse Source 
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This commit is contained in:
Matt Caswell 2014-11-19 20:09:19 +00:00
parent 31832e8ff1
commit 8d02bebddf
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/ec/ec_pmeth.c
View File

@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
outlen = *keylen; outlen = *keylen;
ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0); ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
if (ret < 0) if (ret <= 0)
return ret; return 0;
*keylen = ret; *keylen = ret;
return 1; return 1;
} }