From b3b52969e243d2b86a1d952ff55daa466b8b9b2b Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 26 Jun 2023 08:57:17 +0000 Subject: [PATCH] Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch, instead OpenSSL fail in memdup, nulling out the key but leaving he key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0. Reported by Ilya Shipitsin ok jsing --- lib/libcrypto/kdf/hkdf_evp.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/kdf/hkdf_evp.c b/lib/libcrypto/kdf/hkdf_evp.c index 992c66a14f6..b33e2e0a266 100644 --- a/lib/libcrypto/kdf/hkdf_evp.c +++ b/lib/libcrypto/kdf/hkdf_evp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hkdf_evp.c,v 1.19 2022/11/26 16:08:53 tb Exp $ */ +/* $OpenBSD: hkdf_evp.c,v 1.20 2023/06/26 08:57:17 tb Exp $ */ /* ==================================================================== * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved. * @@ -129,10 +129,17 @@ pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_HKDF_KEY: - if (p1 <= 0) + if (p1 < 0) return 0; freezero(kctx->key, kctx->key_len); + kctx->key = NULL; + kctx->key_len = 0; + + /* Match OpenSSL's behavior. */ + if (p1 == 0 || p2 == NULL) + return 0; + if ((kctx->key = malloc(p1)) == NULL) return 0; memcpy(kctx->key, p2, p1); -- 2.20.1