wolfSSL: Use wc_HmacInit() to avoid potential use of uninitialized values

wc_HmacSetKey() seems to initialize everything that is needed for the
actual operation, but at least valgrind is reporting use of
uninitialized values when this was done on a data structure that was not
explicitly cleared.

Call wc_HmacInit() before wc_HmacSetKey() to avoid any unexpected
behavior from potentially uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index dba4dee8296237cf347ec182248812bc536e2eed..8c3b7626e530f3b7cb860d6ca96284e07451b73c 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -169,7 +169,8 @@ static int wolfssl_hmac_vector(int type, const u8 *key,
        if (TEST_FAIL())
                return -1;
 
-       if (wc_HmacSetKey(&hmac, type, key, (word32) key_len) != 0)
+       if (wc_HmacInit(&hmac, NULL, INVALID_DEVID) != 0 ||
+           wc_HmacSetKey(&hmac, type, key, (word32) key_len) != 0)
                return -1;
        for (i = 0; i < num_elem; i++)
                if (wc_HmacUpdate(&hmac, addr[i], len[i]) != 0)
@@ -933,7 +934,8 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
                goto done;
        }
 
-       if (wc_HmacSetKey(&hash->hmac, type, key, key_len) != 0)
+       if (wc_HmacInit(&hash->hmac, NULL, INVALID_DEVID) != 0 ||
+           wc_HmacSetKey(&hash->hmac, type, key, key_len) != 0)
                goto done;
 
        ret = hash;