Allow zero-length secret for EVP_KDF API

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12826)
author: Jon Spillett <jon.spillett@oracle.com> 2020-09-08 16:46:13 +1000
committer: Pauli <paul.dale@oracle.com> 2020-09-17 18:27:28 +1000
commit: 00108705369078097c652149c26dcbfd36ecaf76 (patch)
tree: 8bf7ca0cd6fb568ef908b682f6f807c54e88181b /providers
parent: ec4c86d9ec132aaa31c7e6892dde4dbb11397168 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 2f99e75a88..13d159e7e7 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -127,7 +127,7 @@ static void *hmac_dup(void *vsrc)
     }
     if (src->key != NULL) {
         /* There is no "secure" OPENSSL_memdup */
-        dst->key = OPENSSL_secure_malloc(src->keylen);
+        dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
         if (dst->key == NULL) {
             hmac_free(dst);
             return 0;
@@ -278,7 +278,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
         if (macctx->keylen > 0)
             OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
         /* Keep a copy of the key if we need it for TLS HMAC */
-        macctx->key = OPENSSL_secure_malloc(p->data_size);
+        macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
         if (macctx->key == NULL)
             return 0;
         memcpy(macctx->key, p->data, p->data_size);
author	Jon Spillett <jon.spillett@oracle.com>	2020-09-08 16:46:13 +1000
committer	Pauli <paul.dale@oracle.com>	2020-09-17 18:27:28 +1000
commit	00108705369078097c652149c26dcbfd36ecaf76 (patch)
tree	8bf7ca0cd6fb568ef908b682f6f807c54e88181b /providers
parent	ec4c86d9ec132aaa31c7e6892dde4dbb11397168 (diff)