From e2b1ff706bb7ee07a20d8b6c0a20b7a36dbdbac4 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 5 May 2022 18:29:34 +0000
Subject: Fix HMAC() with NULL key

If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the
previous key. This makes no sense inside HMAC() since the HMAC_CTX
has no key set yet. This is hit by HKDF() with NULL salt() via the
EVP API and results in a few Wycheproof test failures. If key is
NULL, use a zero length dummy key.

This was not hit from wycheproof.go since we pass a []byte with a
single NUL from Go.

Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0,
OpenSSL will still fail by passing a NULL key which makes no sense,
so set key_len to 0 instead.

ok beck jsing
---
 src/lib/libcrypto/hmac/hmac.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 55989988ad..3421119b7e 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */
+/* $OpenBSD: hmac.c,v 1.28 2022/05/05 18:29:34 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -261,11 +261,16 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
 {
 	HMAC_CTX c;
 	static unsigned char m[EVP_MAX_MD_SIZE];
+	const unsigned char dummy_key[1] = { 0 };
 
 	if (md == NULL)
 		md = m;
+	if (key == NULL) {
+		key = dummy_key;
+		key_len = 0;
+	}
 	HMAC_CTX_init(&c);
-	if (!HMAC_Init(&c, key, key_len, evp_md))
+	if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL))
 		goto err;
 	if (!HMAC_Update(&c, d, n))
 		goto err;
-- 
cgit v1.2.3-55-g6feb