From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 23 Jul 2025 14:50:22 +0000 (+0200)
Subject: hmac: return error if init fails
X-Git-Tag: curl-8_16_0~404
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2714486d89be441630b3344b1f4f4be6c3f37ba5;p=thirdparty%2Fcurl.git

hmac: return error if init fails

They can actually happen in OOM situtations.

Reported-by: Philippe Antoine
Closes #18008
---

diff --git a/lib/hmac.c b/lib/hmac.c
index 3af1f292da..5e7dd0df0c 100644
--- a/lib/hmac.c
+++ b/lib/hmac.c
@@ -73,7 +73,8 @@ Curl_HMAC_init(const struct HMAC_params *hashparams,
 
   /* If the key is too long, replace it by its hash digest. */
   if(keylen > hashparams->maxkeylen) {
-    hashparams->hinit(ctxt->hashctxt1);
+    if(hashparams->hinit(ctxt->hashctxt1))
+      return NULL;
     hashparams->hupdate(ctxt->hashctxt1, key, keylen);
     hkey = (unsigned char *) ctxt->hashctxt2 + hashparams->ctxtsize;
     hashparams->hfinal(hkey, ctxt->hashctxt1);
@@ -82,8 +83,9 @@ Curl_HMAC_init(const struct HMAC_params *hashparams,
   }
 
   /* Prime the two hash contexts with the modified key. */
-  hashparams->hinit(ctxt->hashctxt1);
-  hashparams->hinit(ctxt->hashctxt2);
+  if(hashparams->hinit(ctxt->hashctxt1) ||
+     hashparams->hinit(ctxt->hashctxt2))
+    return NULL;
 
   for(i = 0; i < keylen; i++) {
     b = (unsigned char)(*key ^ hmac_ipad);