kdf_exch.c (kdf_derive): Proper handling of NULL secret

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13869)
2 years ago · 6253cdcc8e
parent f23e4a17a2
commit 6253cdcc8e
1 changed files with 7 additions and 1 deletions
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@ -95,7 +95,13 @@ static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen,

    if (!ossl_prov_is_running())
        return 0;
-    return EVP_KDF_derive(pkdfctx->kdfctx, secret, *secretlen);
+
+    if (secret == NULL) {
+        *secretlen = EVP_KDF_CTX_get_kdf_size(pkdfctx->kdfctx);
+        return 1;
+    }
+
+    return EVP_KDF_derive(pkdfctx->kdfctx, secret, outlen);
 }

 static void kdf_freectx(void *vpkdfctx)