From 93f2e101bd73ee6c215b75b50ef96a74372dd44e Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Fri, 22 May 2020 13:23:49 -0700
Subject: [PATCH] Allow zero-length HKDF keys

When making a copy to keep in the EVP_PKEY_CTX, allocate a single
byte for the cached key instead of letting memdup return NULL
and cause the call to fail.  The length still gets set to zero
properly, so we don't end up inspecting the allocated byte, but
it's important to have a non-NULL pointer set.
---
 crypto/kdf/hkdf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 6d1a32c885ecf..cab5e231fbe63 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -107,7 +107,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         if (kctx->key != NULL)
             OPENSSL_clear_free(kctx->key, kctx->key_len);
 
-        kctx->key = OPENSSL_memdup(p2, p1);
+        if (p1 == 0)
+            kctx->key = OPENSSL_zalloc(1);
+        else
+            kctx->key = OPENSSL_memdup(p2, p1);
         if (kctx->key == NULL)
             return 0;