From ecb677658f541bac51cd3a70a2166bdd1f853e46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ayd=C4=B1n=20Mercan?= <aydin@isc.org>
Date: Wed, 14 Jan 2026 17:40:24 +0300
Subject: [PATCH] don't transform errors in hmac_sign

The change from DST_R_OPENSSLFAILURE to ISC_R_CRYPTOFAILURE seems to be
benign. Furthermore it should a bug to rely on the exacts crypto failure
code.
---
 lib/dns/hmac_link.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c
index aa3d5d7141..41913095f2 100644
--- a/lib/dns/hmac_link.c
+++ b/lib/dns/hmac_link.c
@@ -199,18 +199,10 @@ hmac_adddata(const dst_context_t *dctx, const isc_region_t *data) {
 static isc_result_t
 hmac_sign(const dst_context_t *dctx, isc_buffer_t *sig) {
 	isc_hmac_t *ctx = dctx->ctxdata.hmac_ctx;
-	isc_result_t r;
 
 	REQUIRE(ctx != NULL);
 
-	r = isc_hmac_final(ctx, sig);
-
-	/* Turn CRYPTOFAILURE into OPENSSLFAILURE */
-	if (r == ISC_R_CRYPTOFAILURE) {
-		r = DST_R_OPENSSLFAILURE;
-	}
-
-	return r;
+	return isc_hmac_final(ctx, sig);
 }
 
 static isc_result_t