From: Matt Caswell Date: Wed, 19 Nov 2014 20:09:19 +0000 (+0000) Subject: When using EVP_PKEY_derive with a KDF set, a negative error from X-Git-Tag: master-post-reformat~280 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8d02bebddf4b69f7f260adfed4be4f498dcbd16c;p=oweals%2Fopenssl.git When using EVP_PKEY_derive with a KDF set, a negative error from ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: Dr. Stephen Henson --- diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 81ad4d499a..e66e690827 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) outlen = *keylen; ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0); - if (ret < 0) - return ret; + if (ret <= 0) + return 0; *keylen = ret; return 1; }
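Review bot: In the error branch after ECDH_compute_key in pkey_ec_derive, `return 0` now discards the specific negative code, so the function's contract (1 on success, 0 on any failure) should be written down in a comment above `if (ret <= 0)`. The commit message says the KDF path silently ignored a negative result, which suggests a caller that only tests the return value for zero; a comment stating that callers rely on a 0/1 result would keep a later change from reintroducing a negative return. The hunk also starts treating `ret == 0` as a failure, which the commit message does not mention. That looks correct, since a zero-length secret should never reach `*keylen = ret` or be fed to a KDF, but it deserves a sentence in the message. The KDF caller is not part of this diff, so it is worth confirming that it and any other caller of pkey_ec_derive check the result consistently, and adding a regression test that makes ECDH_compute_key fail with a KDF set and asserts that derivation reports an error.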