[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Thu Apr 19 07:52:10 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via c6c7bb010770cbf7d818d0ef8f5628decaa7e037 (commit)
from 4571b3c8e06dc8d9fba003a3c9b9fb680f1bf223 (commit)
- Log -----------------------------------------------------------------
commit c6c7bb010770cbf7d818d0ef8f5628decaa7e037
Author: Matt Caswell <matt at openssl.org>
Date: Wed Apr 18 12:03:41 2018 +0100
Return 0 on a non-matching kdf_type
If we have a non-matching kdf_type then pkey_dh_derive silently succeeds.
It should fail. This is a "should not happen" condition anyway so the
impact is negligible.
Fixes #2440
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6000)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_pmeth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 6452482..926be98 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
}
#endif
- return 1;
+ return 0;
}
const EVP_PKEY_METHOD dh_pkey_meth = {
More information about the openssl-commits
mailing list