From 3f6b6f0b8cbd7173b6c007b07caa6ec34cda08c5 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 1 Aug 2013 15:48:44 +0100
Subject: Minor optimisation to KDF algorithm.

Don't need to use temporary buffer if remaining length equals digest length.
---
 crypto/ecdh/ech_kdf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c
index 84bf108b90..848b91745f 100644
--- a/crypto/ecdh/ech_kdf.c
+++ b/crypto/ecdh/ech_kdf.c
@@ -90,7 +90,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
 			goto err;
 		if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
 			goto err;
-		if (outlen > mdlen)
+		if (outlen >= mdlen)
 			{
 			if (!EVP_DigestFinal(&mctx, out, NULL))
 				goto err;
-- 
cgit v1.2.3