From 175fe9ae53db3beb469d692a88f1dcf45c066332 Mon Sep 17 00:00:00 2001
From: Weixie Cui <cuiweixie@gmail.com>
Date: Sun, 22 Mar 2026 02:15:06 +0800
Subject: [PATCH] Fix HMAC_Init_ex when reusing key context

When reuse key is enabled and the context has already been used, the code intended to call HMAC_Init_ex with a null key to reuse the existing key. An unconditional second HMAC_Init_ex call always re-passed the key, overwriting that path.

Use an else branch so only one initialization runs, matching the reuse semantics and aligning with similar crypto context lifecycle fixes (e.g. SERVER-119317 for MD5 hash state).
---
 src/mongo/crypto/hash_block.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/mongo/crypto/hash_block.cpp b/src/mongo/crypto/hash_block.cpp
index b40f9b4b7568b..7201794136ffe 100644
--- a/src/mongo/crypto/hash_block.cpp
+++ b/src/mongo/crypto/hash_block.cpp
@@ -53,8 +53,9 @@ int HmacContext::hmacCtxInitFn(const EVP_MD* md, const uint8_t* key, size_t keyL
     int ret;
     if (getReuseKey() && useCount() >= 1) {
         ret = HMAC_Init_ex(get(), nullptr, 0, md, nullptr);
+    } else {
+        ret = HMAC_Init_ex(get(), key, keyLen, md, nullptr);
     }
-    ret = HMAC_Init_ex(get(), key, keyLen, md, nullptr);
     if (getReuseKey()) {
         use++;
     }