Allow zero-length HKDF keys

kaduk · tmshort · commit 93f2e101bd73 · 2020-12-11T09:10:46.000-05:00
When making a copy to keep in the EVP_PKEY_CTX, allocate a single
byte for the cached key instead of letting memdup return NULL
and cause the call to fail.  The length still gets set to zero
properly, so we don't end up inspecting the allocated byte, but
it's important to have a non-NULL pointer set.
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
@@ -107,7 +107,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         if (kctx->key != NULL)
             OPENSSL_clear_free(kctx->key, kctx->key_len);
 
-        kctx->key = OPENSSL_memdup(p2, p1);
+        if (p1 == 0)
+            kctx->key = OPENSSL_zalloc(1);
+        else
+            kctx->key = OPENSSL_memdup(p2, p1);
         if (kctx->key == NULL)
             return 0;
 
