artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 37e1ec4) | patch
Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics
authortb <tb@openbsd.org>
Mon, 26 Jun 2023 08:57:17 +0000 (08:57 +0000)
committertb <tb@openbsd.org>
Mon, 26 Jun 2023 08:57:17 +0000 (08:57 +0000)
commitb3b52969e243d2b86a1d952ff55daa466b8b9b2b
tree710042c1eb9fd2e156363f5269c0cc977e2731eftree | snapshot
parent37e1ec451642b73b5faf4c0ceb9b7b7f59ae7a31commit | diff
Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics

For some reason there is no NULL check on setting the HKDF key for p2 like
in the other cases in the switch, instead OpenSSL fail in memdup, nulling
out the key but leaving he key_len at the old value. This looks accidental
but our behavior makes some haproxy regress tests segfault. So mimic weird
OpenSSL semantics but in addition set the key_len to 0.

Reported by Ilya Shipitsin

ok jsing
lib/libcrypto/kdf/hkdf_evp.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim