From 9688997301a315933290ed4d55ec407d045ac324 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jul 2018 17:07:03 +0200 Subject: [PATCH] MAC setup: support 0-length HMAC key Avoid undefined behavior when using a 0-length HMAC key (Asan complained). --- library/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index de1f772ea..a0f278086 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1435,7 +1435,11 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, if( status != PSA_SUCCESS ) return( status ); } - else + /* A 0-length key is not commonly used in HMAC when used as a MAC, + * but it is permitted. It is common when HMAC is used in HKDF, for + * example. Don't call `memcpy` in the 0-length because `key` could be + * an invalid pointer which would make the behavior undefined. */ + else if( key_length != 0 ) memcpy( ipad, key, key_length ); /* ipad contains the key followed by garbage. Xor and fill with 0x36