From c8a12b1b820b699c93785231b77530716f395045 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 22 May 2020 13:23:49 -0700 Subject: QUIC: Allow zero-length HKDF keys When making a copy to keep in the EVP_PKEY_CTX, allocate a single byte for the cached key instead of letting memdup return NULL and cause the call to fail. The length still gets set to zero properly, so we don't end up inspecting the allocated byte, but it's important to have a non-NULL pointer set. (cherry picked from commit 93f2e101bd73ee6c215b75b50ef96a74372dd44e) --- crypto/kdf/hkdf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index 6d1a32c885..cab5e231fb 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -107,7 +107,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (kctx->key != NULL) OPENSSL_clear_free(kctx->key, kctx->key_len); - kctx->key = OPENSSL_memdup(p2, p1); + if (p1 == 0) + kctx->key = OPENSSL_zalloc(1); + else + kctx->key = OPENSSL_memdup(p2, p1); if (kctx->key == NULL) return 0; -- 2.35.3