Check ECDH output buffer length and avoid truncation.

Currently, if you call ECDH_compute_key() it will silently truncate the
resulting key if the output buffer is less than the key size. Instead,
detect this condition and return an error. If the buffer provided is larger
than the key length, zero the remainder.

ok beck@ miod@ "+ shivers"

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libcrypto/ecdh/ecdh.h b/src/lib/libcrypto/ecdh/ecdh.h
index 3bcb8b045e..e1cc8404d0 100644
--- a/src/lib/libcrypto/ecdh/ecdh.h
+++ b/src/lib/libcrypto/ecdh/ecdh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdh.h,v 1.3 2015/09/13 10:46:20 jsing Exp $ */
+/* $OpenBSD: ecdh.h,v 1.4 2015/09/13 11:49:44 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -116,6 +116,7 @@ void ERR_load_ECDH_strings(void);
 
 /* Reason codes. */
 #define ECDH_R_KDF_FAILED                                102
+#define ECDH_R_KEY_TRUNCATION                            104
 #define ECDH_R_NON_FIPS_METHOD                           103
 #define ECDH_R_NO_PRIVATE_VALUE                          100
 #define ECDH_R_POINT_ARITHMETIC_FAILURE                  101