If someone called this function before a successful setkey, we would end up in a NULL dereference. The function should return minimum size for output buffer or error code if key hasn't been set.
Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
---
 crypto/ecdh.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index c1f0163..b2b12cd 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -107,10 +107,10 @@ static int ecdh_compute_value(struct kpp_request *req)
 static int ecdh_max_size(struct crypto_kpp *tfm)
 {
 struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
- int nbytes = ctx->ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
- /* Public key is made of two coordinates */
- return 2 * nbytes;
+ /* Public key is made of two coordinates, add one to the left shift */
+ return ctx->ndigits ? ctx->ndigits << (ECC_DIGITS_TO_BYTES_SHIFT + 1) :
+ -ENOKEY;
 }
 static void no_exit_tfm(struct crypto_kpp *tfm)
-- 
2.7.4
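Review bot: Returning `-ENOKEY` from `ecdh_max_size()` means every caller that uses the result as a buffer length must now test for a negative value first; a caller that stores it in an unsigned length or hands it to an allocator unchecked would see a very large size instead of an error. The callers are outside this hunk, so that needs confirming there, and the contract is worth stating on the function, e.g. `/* Returns the minimum output buffer size in bytes, or -ENOKEY if no key has been set. */`. The description speaks of a NULL dereference, but the only pointer dereferenced in the visible lines is `ctx`, which the new code still dereferences unconditionally; the added guard only tests `ctx->ndigits` for zero. If `ndigits` is an unsigned type (its declaration is not visible here), the ternary mixes an unsigned shift result with a negative errno and relies on the conversion back to `int`, so a separate `if (!ctx->ndigits) return -ENOKEY;` ahead of the shift would be clearer.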