When using EVP_PKEY_derive with a KDF set, a negative error from

ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2014-11-19 20:09:19 +0000
committer: Matt Caswell <matt@openssl.org> 2014-11-20 15:20:37 +0000
commit: 8d02bebddf4b69f7f260adfed4be4f498dcbd16c (patch)
tree: 17c42299ab640b8b61fc9dd80d697c693b4d915b /crypto/ec
parent: 31832e8ff1a3e731ea9fab41aef071a12709cf33 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 81ad4d499a..e66e690827 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	outlen = *keylen;
 		
 	ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
-	if (ret < 0)
-		return ret;
+	if (ret <= 0)
+		return 0;
 	*keylen = ret;
 	return 1;
 	}
author	Matt Caswell <matt@openssl.org>	2014-11-19 20:09:19 +0000
committer	Matt Caswell <matt@openssl.org>	2014-11-20 15:20:37 +0000
commit	8d02bebddf4b69f7f260adfed4be4f498dcbd16c (patch)
tree	17c42299ab640b8b61fc9dd80d697c693b4d915b /crypto/ec
parent	31832e8ff1a3e731ea9fab41aef071a12709cf33 (diff)