Commit c6c7bb01 authored by Matt Caswell's avatar Matt Caswell
Browse files

Return 0 on a non-matching kdf_type 



If we have a non-matching kdf_type then pkey_dh_derive silently succeeds.
It should fail. This is a "should not happen" condition anyway so the
impact is negligible.

Fixes #2440

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6000)
parent 4571b3c8

crypto/dh/dh_pmeth.c

+1 −1
Original line number Diff line number Diff line
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 
        return ret;

    }

#endif

    return 1;

    return 0;

}



const EVP_PKEY_METHOD dh_pkey_meth = {