From f45c5c5b98a2815b6102dac200d0a9880ba26676 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 26 Jun 2023 08:57:17 +0000
Subject: Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics
For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch, instead OpenSSL fail in memdup, nulling out the key but leaving he key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0.
Reported by Ilya Shipitsin
ok jsing
---
 src/lib/libcrypto/kdf/hkdf_evp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/kdf/hkdf_evp.c b/src/lib/libcrypto/kdf/hkdf_evp.c
index 992c66a14f..b33e2e0a26 100644
--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ b/src/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf_evp.c,v 1.19 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: hkdf_evp.c,v 1.20 2023/06/26 08:57:17 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
 *
@@ -129,10 +129,17 @@ pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 return 1;
 case EVP_PKEY_CTRL_HKDF_KEY:
- if (p1 <= 0)
+ if (p1 < 0)
 return 0;
 freezero(kctx->key, kctx->key_len);
+ kctx->key = NULL;
+ kctx->key_len = 0;
+
+ /* Match OpenSSL's behavior. */
+ if (p1 == 0 || p2 == NULL)
+ return 0;
+
 if ((kctx->key = malloc(p1)) == NULL)
 return 0;
 memcpy(kctx->key, p2, p1);
-- 
cgit v1.2.3-55-g6feb
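Review bot: The comment `/* Match OpenSSL's behavior. */` above the `p1 == 0 || p2 == NULL` check in the second hunk does not say which behavior is matched, and the failure path it guards is destructive. By that point `freezero()` has already wiped the previously set key, so a rejected call leaves the context with no key, whereas `p1 < 0` returns before touching it. I would spell that out, e.g. `/* Match OpenSSL: a NULL or empty key fails, but only after the old key has been cleared. */`, so that nobody later moves the check above `freezero()` as a cleanup. Callers that ignore the return value now depend on the derive path rejecting a NULL key; that check is outside this hunk, so it is worth confirming. The case body continues past the end of the hunk.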