Allow zero-length secret for EVP_KDF API
authorJon Spillett <jon.spillett@oracle.com>
Tue, 8 Sep 2020 06:46:13 +0000 (16:46 +1000)
committerPauli <paul.dale@oracle.com>
Thu, 17 Sep 2020 08:27:28 +0000 (18:27 +1000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12826)

providers/implementations/macs/hmac_prov.c

index 2f99e75a887f32c4daf3839b9d96f44d7d92bdfb..13d159e7e77fceadfb8d23ee3afef29652a28649 100644 (file)
@@ -127,7 +127,7 @@ static void *hmac_dup(void *vsrc)
     }
     if (src->key != NULL) {
         /* There is no "secure" OPENSSL_memdup */
-        dst->key = OPENSSL_secure_malloc(src->keylen);
+        dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
         if (dst->key == NULL) {
             hmac_free(dst);
             return 0;
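Review bot: The `: 1` fallback passed to `OPENSSL_secure_malloc` in hmac_dup is unexplained, and the same expression is repeated in hmac_set_ctx_params. It appears to keep a zero-length key as a non-NULL one-byte buffer so that `src->key != NULL` still means a key was set, but a reader cannot tell that from the line. I would add a comment above it, such as `/* A zero-length key still needs a non-NULL buffer: allocate at least 1 byte */`. The copy into dst->key and the rest of hmac_dup are outside the hunk, so confirm there that the copy still uses the real src->keylen.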
@@ -278,7 +278,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
         if (macctx->keylen > 0)
             OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
         /* Keep a copy of the key if we need it for TLS HMAC */
-        macctx->key = OPENSSL_secure_malloc(p->data_size);
+        macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
         if (macctx->key == NULL)
             return 0;
         memcpy(macctx->key, p->data, p->data_size);
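Review bot: The guard `if (macctx->keylen > 0)` before `OPENSSL_secure_clear_free` no longer matches the allocation. After this change a zero-length key owns a one-byte secure buffer, so setting the key again on such a context would skip the free and leak that byte of secure heap. Testing the pointer instead, `if (macctx->key != NULL)`, releases the buffer in both cases. This assumes keylen is stored as p->data_size after the memcpy, which is outside the hunk. It is also worth confirming that p->data cannot be NULL when data_size is 0, since passing a null pointer to memcpy is undefined even for a zero length.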