summaryrefslogtreecommitdiff
path: root/lib/libcrypto/kdf
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2023-06-26 08:57:18 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-06-26 08:57:18 +0000
commit3592dab1a22367ce4e384d923b74dee41fdab3ff (patch)
tree02c86fdcecfc18deaeb288914e46bad0fef29f66 /lib/libcrypto/kdf
parent9b9b598a5f2a1a692746f27a2e5f4edf544df07a (diff)
Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics
For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch, instead OpenSSL fail in memdup, nulling out the key but leaving he key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0. Reported by Ilya Shipitsin ok jsing
Diffstat (limited to 'lib/libcrypto/kdf')
-rw-r--r--lib/libcrypto/kdf/hkdf_evp.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/libcrypto/kdf/hkdf_evp.c b/lib/libcrypto/kdf/hkdf_evp.c
index 992c66a14f6..b33e2e0a266 100644
--- a/lib/libcrypto/kdf/hkdf_evp.c
+++ b/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf_evp.c,v 1.19 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: hkdf_evp.c,v 1.20 2023/06/26 08:57:17 tb Exp $ */
/* ====================================================================
* Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
*
@@ -129,10 +129,17 @@ pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_HKDF_KEY:
- if (p1 <= 0)
+ if (p1 < 0)
return 0;
freezero(kctx->key, kctx->key_len);
+ kctx->key = NULL;
+ kctx->key_len = 0;
+
+ /* Match OpenSSL's behavior. */
+ if (p1 == 0 || p2 == NULL)
+ return 0;
+
if ((kctx->key = malloc(p1)) == NULL)
return 0;
memcpy(kctx->key, p2, p1);