From 33dbb14462f6ae315b78289dc98d9434aff69e79 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 28 Jul 2023 09:28:37 +0000
Subject: Move KDF handling to ECDH_compute_key()

In OpenSSL e2285d87, the KDF handling was moved from the compute_key()
method into the public API. A consequence of this change is that the
ECDH_compute_key() API no longer returns -1 for some errors. Existing
checks for <= 0 are safe as are those checking for the exact length as
return value, which is all what the ecosystem seems to be doing.

ok jsing
---
 src/lib/libcrypto/ec/ec_err.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libcrypto/ec/ec_err.c')

diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index d797b937c2..9f2253dddd 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.17 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ec_err.c,v 1.18 2023/07/28 09:28:37 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -98,6 +98,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 	{ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
 	{ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
 	{ERR_REASON(EC_R_INVALID_KEY), "invalid key"},
+	{ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
 	{ERR_REASON(EC_R_INVALID_PEER_KEY), "invalid peer key"},
 	{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
 	{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
-- 
cgit v1.2.3-55-g6feb