From e7dd0fff1d2bb551aed42ba8b4f3383ee61b92cf Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 23 Apr 2022 15:45:31 +0300
Subject: [PATCH] wolfSSL: Use wc_HmacInit() to avoid potential use of
 uninitialized values

wc_HmacSetKey() seems to initialize everything that is needed for the
actual operation, but at least valgrind is reporting use of
uninitialized values when this was done on a data structure that was not
explicitly cleared.

Call wc_HmacInit() before wc_HmacSetKey() to avoid any unexpected
behavior from potentially uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/crypto_wolfssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index dba4dee82..8c3b7626e 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -169,7 +169,8 @@ static int wolfssl_hmac_vector(int type, const u8 *key,
 	if (TEST_FAIL())
 		return -1;
 
-	if (wc_HmacSetKey(&hmac, type, key, (word32) key_len) != 0)
+	if (wc_HmacInit(&hmac, NULL, INVALID_DEVID) != 0 ||
+	    wc_HmacSetKey(&hmac, type, key, (word32) key_len) != 0)
 		return -1;
 	for (i = 0; i < num_elem; i++)
 		if (wc_HmacUpdate(&hmac, addr[i], len[i]) != 0)
@@ -933,7 +934,8 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
 		goto done;
 	}
 
-	if (wc_HmacSetKey(&hash->hmac, type, key, key_len) != 0)
+	if (wc_HmacInit(&hash->hmac, NULL, INVALID_DEVID) != 0 ||
+	    wc_HmacSetKey(&hash->hmac, type, key, key_len) != 0)
 		goto done;
 
 	ret = hash;
-- 
2.47.2