From 9d9730eb07a9bf9b41c937d73ad0cbb2d704a3d6 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 24 Apr 2019 11:39:04 -0400
Subject: [PATCH] Check more errors in OpenSSL crypto backend

---
 ...ore-errors-in-OpenSSL-crypto-backend.patch | 88 +++++++++++++++++++
 krb5.spec                                     |  6 +-
 2 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 Check-more-errors-in-OpenSSL-crypto-backend.patch

diff --git a/Check-more-errors-in-OpenSSL-crypto-backend.patch b/Check-more-errors-in-OpenSSL-crypto-backend.patch
new file mode 100644
index 0000000..1c55efb
--- /dev/null
+++ b/Check-more-errors-in-OpenSSL-crypto-backend.patch
@@ -0,0 +1,88 @@
+From 27bc3f5a90533af509202d851374ea40f3982864 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 22 Apr 2019 14:26:42 -0400
+Subject: [PATCH] Check more errors in OpenSSL crypto backend
+
+In krb5int_hmac_keyblock() and krb5int_pbkdf2_hmac(), check for errors
+from previously unchecked OpenSSL function calls and return
+KRB5_CRYPTO_INTERNAL if they fail.
+
+HMAC_Init() is deprecated in OpenSSL 1.0 and later; as we are
+modifying the call to check for errors, call HMAC_Init_ex() instead.
+
+ticket: 8799 (new)
+(cherry picked from commit 2298e5c2ff1122bcaff715129f5b746e77c3f42a)
+---
+ src/lib/crypto/openssl/hmac.c   | 18 +++++++++---------
+ src/lib/crypto/openssl/pbkdf2.c |  9 +++++----
+ 2 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
+index d94d9ac94..769a50c00 100644
+--- a/src/lib/crypto/openssl/hmac.c
++++ b/src/lib/crypto/openssl/hmac.c
+@@ -121,7 +121,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+                       const krb5_crypto_iov *data, size_t num_data,
+                       krb5_data *output)
+ {
+-    unsigned int i = 0, md_len = 0;
++    unsigned int i = 0, md_len = 0, ok;
+     unsigned char md[EVP_MAX_MD_SIZE];
+     HMAC_CTX *ctx;
+     size_t hashsize, blocksize;
+@@ -141,22 +141,22 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+     if (ctx == NULL)
+         return ENOMEM;
+ 
+-    HMAC_Init(ctx, keyblock->contents, keyblock->length, map_digest(hash));
+-    for (i = 0; i < num_data; i++) {
++    ok = HMAC_Init_ex(ctx, keyblock->contents, keyblock->length,
++                      map_digest(hash), NULL);
++    for (i = 0; ok && i < num_data; i++) {
+         const krb5_crypto_iov *iov = &data[i];
+ 
+         if (SIGN_IOV(iov))
+-            HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
++            ok = HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
+     }
+-    HMAC_Final(ctx, md, &md_len);
+-    if ( md_len <= output->length) {
++    if (ok)
++        ok = HMAC_Final(ctx, md, &md_len);
++    if (ok && md_len <= output->length) {
+         output->length = md_len;
+         memcpy(output->data, md, output->length);
+     }
+     HMAC_CTX_free(ctx);
+-    return 0;
+-
+-
++    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+ }
+ 
+ krb5_error_code
+diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
+index 00c2116fc..732ec6405 100644
+--- a/src/lib/crypto/openssl/pbkdf2.c
++++ b/src/lib/crypto/openssl/pbkdf2.c
+@@ -35,6 +35,7 @@ krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                     const krb5_data *pass, const krb5_data *salt)
+ {
+     const EVP_MD *md = NULL;
++    int ok;
+ 
+     /* Get the message digest handle corresponding to the hash. */
+     if (hash == &krb5int_hash_sha1)
+@@ -46,8 +47,8 @@ krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+     if (md == NULL)
+         return KRB5_CRYPTO_INTERNAL;
+ 
+-    PKCS5_PBKDF2_HMAC(pass->data, pass->length, (unsigned char *)salt->data,
+-                      salt->length, count, md, out->length,
+-                      (unsigned char *)out->data);
+-    return 0;
++    ok = PKCS5_PBKDF2_HMAC(pass->data, pass->length,
++                           (unsigned char *)salt->data, salt->length, count,
++                           md, out->length, (unsigned char *)out->data);
++    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+ }
diff --git a/krb5.spec b/krb5.spec
index 73d6a53..b4f962b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.17
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 12%{?dist}
+Release: 13%{?dist}
 
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@@ -84,6 +84,7 @@ Patch111: Fix-config-realm-change-logic-in-FILE-remove_cred.patch
 Patch112: Remove-confvalidator-utility.patch
 Patch113: Remove-ovsec_adm_export-dump-format-support.patch
 Patch114: Fix-potential-close-1-in-cc_file.c.patch
+Patch115: Check-more-errors-in-OpenSSL-crypto-backend.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -720,6 +721,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Wed Apr 24 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-13
+- Check more errors in OpenSSL crypto backend
+
 * Mon Apr 22 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-12
 - Fix potential close(-1) in cc_file.c