From 5dad867ccb9407300ecb7a842441006c05707eaf Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 5 May 2022 18:29:34 +0000 Subject: [PATCH] Fix HMAC() with NULL key If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the previous key. This makes no sense inside HMAC() since the HMAC_CTX has no key set yet. This is hit by HKDF() with NULL salt() via the EVP API and results in a few Wycheproof test failures. If key is NULL, use a zero length dummy key. This was not hit from wycheproof.go since we pass a []byte with a single NUL from Go. Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0, OpenSSL will still fail by passing a NULL key which makes no sense, so set key_len to 0 instead. ok beck jsing --- lib/libcrypto/hmac/hmac.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index 55989988add..3421119b7e6 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */ +/* $OpenBSD: hmac.c,v 1.28 2022/05/05 18:29:34 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -261,11 +261,16 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, { HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; + const unsigned char dummy_key[1] = { 0 }; if (md == NULL) md = m; + if (key == NULL) { + key = dummy_key; + key_len = 0; + } HMAC_CTX_init(&c); - if (!HMAC_Init(&c, key, key_len, evp_md)) + if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(&c, d, n)) goto err; -- 2.20.1