Closed mamckee closed 2 months ago
Just confirming: the expected behavior for OpenSSL is that the ECDH secret can be truncated if the output length is too short, but the DH secret cannot, and returns an error in that case? That seems very strange. But assuming that's the desired behavior, the changes look good to me.
Yeah, I think it's a little confusing they don't leave this up to the caller to truncate and keep interfaces consistent. https://github.com/openssl/openssl/blob/2e966354956e55825331f61bf98976ffe60e4332/providers/implementations/exchange/ecdh_exch.c#L457-L460
This PR addresses behavior fixes for compatibility issues found when calling OpenSSL with the SymCrypt provider through different wrapper libraries. These are behavior differences to make the SymCrypt provider act more like the default provider.
SymCryptEcDhSecretAgreement, the secret is truncated.
inl passed to AES cipher update is zero, *outl should always be set to zero.
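A caller-side guard for the derive behavior discussed in this thread, as an added example that is not code from this PR, the SymCrypt provider, or OpenSSL. `model_derive` is a hypothetical stand-in that mirrors the described contract (a short buffer truncates for ECDH and fails for DH), and the secret bytes are constructed; no real key exchange is performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-byte stand-in for an agreed secret (not real key material). */
static const unsigned char SECRET[32] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };

enum kex { KEX_ECDH, KEX_DH };

/* Hypothetical model of a derive call with the semantics described in the
 * thread: secret == NULL only reports the full size; a buffer that is too
 * short truncates silently for ECDH and is an error for DH. */
static int model_derive(enum kex alg, unsigned char *secret,
                        size_t *secretlen, size_t outlen)
{
    size_t size = sizeof(SECRET);
    if (secret == NULL) { *secretlen = size; return 1; }
    if (outlen < size) {
        if (alg == KEX_DH) return 0;   /* DH: error, nothing written */
        size = outlen;                 /* ECDH: truncated, still "success" */
    }
    memcpy(secret, SECRET, size);
    *secretlen = size;
    return 1;
}

/* Guard: query the size first, refuse a buffer that cannot hold the whole
 * secret, and confirm the reported length, so both algorithms fail alike. */
static int derive_full(enum kex alg, unsigned char *buf, size_t buflen,
                       size_t *written)
{
    size_t need = 0, got = 0;
    if (!model_derive(alg, NULL, &need, 0)) return 0;
    if (buflen < need) return 0;
    if (!model_derive(alg, buf, &got, buflen) || got != need) return 0;
    *written = got;
    return 1;
}

int main(void)
{
    unsigned char small[16];
    size_t len = 0;
    printf("ECDH raw, 16-byte buffer: ok=%d len=%zu\n",
           model_derive(KEX_ECDH, small, &len, sizeof(small)), len);
    printf("ECDH guarded, 16-byte buffer: ok=%d\n",
           derive_full(KEX_ECDH, small, sizeof(small), &len));
    return 0;
}
```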