Browse Source

kdf_exch.c (kdf_derive): Proper handling of NULL secret

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
Tomas Mraz 3 years ago
parent
commit
6253cdcc8e
1 changed files with 7 additions and 1 deletions
  1. 7 1
      providers/implementations/exchange/kdf_exch.c

+ 7 - 1
providers/implementations/exchange/kdf_exch.c

@@ -95,7 +95,13 @@ static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen,
 
     if (!ossl_prov_is_running())
         return 0;
-    return EVP_KDF_derive(pkdfctx->kdfctx, secret, *secretlen);
+
+    if (secret == NULL) {
+        *secretlen = EVP_KDF_CTX_get_kdf_size(pkdfctx->kdfctx);
+        return 1;
+    }
+
+    return EVP_KDF_derive(pkdfctx->kdfctx, secret, outlen);
 }
 
 static void kdf_freectx(void *vpkdfctx)