From 9688997301a315933290ed4d55ec407d045ac324 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 12 Jul 2018 17:07:03 +0200
Subject: [PATCH] MAC setup: support 0-length HMAC key

Avoid undefined behavior when using a 0-length HMAC key (Asan
complained).
---
 library/psa_crypto.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index de1f772ea..a0f278086 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1435,7 +1435,11 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
         if( status != PSA_SUCCESS )
             return( status );
     }
-    else
+    /* A 0-length key is not commonly used in HMAC when used as a MAC,
+     * but it is permitted. It is common when HMAC is used in HKDF, for
+     * example. Don't call `memcpy` in the 0-length because `key` could be
+     * an invalid pointer which would make the behavior undefined. */
+    else if( key_length != 0 )
         memcpy( ipad, key, key_length );
 
     /* ipad contains the key followed by garbage. Xor and fill with 0x36