提交 8d02bebd 编写于 作者: M Matt Caswell

When using EVP_PKEY_derive with a KDF set, a negative error from

ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
上级 31832e8f
......@@ -244,8 +244,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
outlen = *keylen;
ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
if (ret < 0)
return ret;
if (ret <= 0)
return 0;
*keylen = ret;
return 1;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册