From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 14 Jan 2021 14:53:08 +0000 (+0100)
Subject: kdf_exch.c (kdf_derive): Proper handling of NULL secret
X-Git-Tag: openssl-3.0.0-alpha11~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6253cdcc8ea7b0116a43ee596ac03e0b04b8b762;p=thirdparty%2Fopenssl.git

kdf_exch.c (kdf_derive): Proper handling of NULL secret

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
---

diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c
index c022a351072..43652faf504 100644
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@@ -95,7 +95,13 @@ static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen,
 
     if (!ossl_prov_is_running())
         return 0;
-    return EVP_KDF_derive(pkdfctx->kdfctx, secret, *secretlen);
+
+    if (secret == NULL) {
+        *secretlen = EVP_KDF_CTX_get_kdf_size(pkdfctx->kdfctx);
+        return 1;
+    }
+
+    return EVP_KDF_derive(pkdfctx->kdfctx, secret, outlen);
 }
 
 static void kdf_freectx(void *vpkdfctx)