From: Jon Spillett
Date: Tue, 8 Sep 2020 06:46:13 +0000 (+1000)
Subject: Allow zero-length secret for EVP_KDF API
X-Git-Tag: openssl-3.0.0-alpha7~221
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00108705369078097c652149c26dcbfd36ecaf76;p=thirdparty%2Fopenssl.git
Allow zero-length secret for EVP_KDF API
Reviewed-by: Tim Hudson
Reviewed-by: Ben Kaduk
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12826)
---
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 2f99e75a887..13d159e7e77 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -127,7 +127,7 @@ static void *hmac_dup(void *vsrc)
 }
 if (src->key != NULL) {
 /* There is no "secure" OPENSSL_memdup */
- dst->key = OPENSSL_secure_malloc(src->keylen);
+ dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
 if (dst->key == NULL) {
 hmac_free(dst);
 return 0;
@@ -278,7 +278,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
 if (macctx->keylen > 0)
 OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
 /* Keep a copy of the key if we need it for TLS HMAC */
- macctx->key = OPENSSL_secure_malloc(p->data_size);
+ macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
 if (macctx->key == NULL)
 return 0;
 memcpy(macctx->key, p->data, p->data_size);
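Review bot: The one-byte fallback in `OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1)` has no comment saying why an empty key still gets an allocation, and the same expression is repeated in the hmac_set_ctx_params hunk. Judging by the `src->key != NULL` test just above it, the pointer appears to double as the "a key was set" flag, so the placeholder byte is what keeps a zero-length secret distinguishable from no key; someone who later simplifies the size argument would lose that without noticing. I would add `/* keylen may be 0: allocate 1 byte so key stays non-NULL and still marks "key set" */` at both sites. The error path also returns `0` from a function declared `void *`, where `return NULL;` would read better. hmac_dup's body starts and ends outside the hunk.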
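Review bot: The `if (macctx->keylen > 0)` guard in front of `OPENSSL_secure_clear_free` no longer matches what the new allocation stores. Once a zero-length key has been set, `macctx->key` holds a one-byte secure-heap buffer, and if keylen is then recorded as 0 further down (outside the hunk), the next key update skips the free and overwrites the pointer, leaking the buffer. The secure heap is typically a small fixed arena, so repeated leaks of this kind can exhaust it. Testing the pointer instead keeps free and allocation in step: `if (macctx->key != NULL) OPENSSL_secure_clear_free(macctx->key, macctx->keylen);`. Separately, `memcpy(macctx->key, p->data, p->data_size)` is now reachable with a size of 0, and if `p->data` can be NULL in that case the call is undefined behaviour, so an `if (p->data_size > 0)` guard on the copy would be safer.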