Check ECDH output buffer length and avoid truncation.

Currently, if you call ECDH_compute_key() it will silently truncate the
resulting key if the output buffer is less than the key size. Instead,
detect this condition and return an error. If the buffer provided is larger
than the key length, zero the remainder.

ok beck@ miod@ "+ shivers"

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c
index 2899b573c3..afe5ff3af8 100644
--- a/src/lib/libcrypto/ecdh/ech_err.c
+++ b/src/lib/libcrypto/ecdh/ech_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_err.c,v 1.4 2015/09/13 10:46:20 jsing Exp $ */
+/* $OpenBSD: ech_err.c,v 1.5 2015/09/13 11:49:44 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -80,6 +80,7 @@ static ERR_STRING_DATA ECDH_str_functs[]= {
 
 static ERR_STRING_DATA ECDH_str_reasons[]= {
         {ERR_REASON(ECDH_R_KDF_FAILED)           , "KDF failed"},
+        {ERR_REASON(ECDH_R_KEY_TRUNCATION), "key would be truncated"},
         {ERR_REASON(ECDH_R_NON_FIPS_METHOD)      , "non fips method"},
         {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     , "no private value"},
         {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},