From 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594 Mon Sep 17 00:00:00 2001 From: Eric Roman Date: Mon, 26 Jan 2015 15:52:15 -0800 Subject: [PATCH] Initialize HMAC keys to zero. In an attempt to assign a zero-length HMAC key, consumers might incorrectly call: HMAC_Init_ex(key=NULL, key_len=0) This does not work as expected since |key==NULL| has special semantics. This bug may consequently result in uninitialized memory being used for the HMAC key data. This workaround doesn't fix all the problems associated with this pattern, however by defaulting to a zero key the results are more predictable than before. BUG=http://crbug.com/449409 Change-Id: I777276d57c61f1c0cce80b18e28a9b063784733f Reviewed-on: https://boringssl-review.googlesource.com/3040 Reviewed-by: Adam Langley --- crypto/hmac/hmac.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 9c1e77ae..de00aae7 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -93,6 +93,8 @@ uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, } void HMAC_CTX_init(HMAC_CTX *ctx) { + ctx->md = NULL; + ctx->key_length = 0; EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); @@ -111,6 +113,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, uint8_t pad[HMAC_MAX_MD_CBLOCK]; if (md != NULL) { + if (ctx->md == NULL && key == NULL && ctx->key_length == 0) { + /* TODO(eroman): Change the API instead of this hack. + * If a key hasn't yet been assigned to the context, then default to using + * an all-zero key. This is to work around callers of + * HMAC_Init_ex(key=NULL, key_len=0) intending to set a zero-length key. + * Rather than resulting in uninitialized memory reads, it will + * predictably use a zero key. */ + memset(ctx->key, 0, sizeof(ctx->key)); + } reset = 1; ctx->md = md; } else {