From 842524798c7f69edcef3f01cae7a9a6f126ed1dc Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 22 Apr 2019 14:26:42 -0400
Subject: [PATCH] Check more errors in OpenSSL crypto backend

In krb5int_hmac_keyblock() and krb5int_pbkdf2_hmac(), check for errors
from previously unchecked OpenSSL function calls and return
KRB5_CRYPTO_INTERNAL if they fail.

HMAC_Init() is deprecated in OpenSSL 1.0 and later; as we are
modifying the call to check for errors, call HMAC_Init_ex() instead.

ticket: 8799 (new)
(cherry picked from commit 2298e5c2ff1122bcaff715129f5b746e77c3f42a)
---
 src/lib/crypto/openssl/hmac.c   | 18 +++++++++---------
 src/lib/crypto/openssl/pbkdf2.c |  9 +++++----
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index b2db6ec02..7dc59dcc0 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -117,7 +117,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
                       const krb5_crypto_iov *data, size_t num_data,
                       krb5_data *output)
 {
-    unsigned int i = 0, md_len = 0;
+    unsigned int i = 0, md_len = 0, ok;
     unsigned char md[EVP_MAX_MD_SIZE];
     HMAC_CTX *ctx;
     size_t hashsize, blocksize;
@@ -137,22 +137,22 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
     if (ctx == NULL)
         return ENOMEM;
 
-    HMAC_Init(ctx, keyblock->contents, keyblock->length, map_digest(hash));
-    for (i = 0; i < num_data; i++) {
+    ok = HMAC_Init_ex(ctx, keyblock->contents, keyblock->length,
+                      map_digest(hash), NULL);
+    for (i = 0; ok && i < num_data; i++) {
         const krb5_crypto_iov *iov = &data[i];
 
         if (SIGN_IOV(iov))
-            HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
+            ok = HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
     }
-    HMAC_Final(ctx, md, &md_len);
-    if ( md_len <= output->length) {
+    if (ok)
+        ok = HMAC_Final(ctx, md, &md_len);
+    if (ok && md_len <= output->length) {
         output->length = md_len;
         memcpy(output->data, md, output->length);
     }
     HMAC_CTX_free(ctx);
-    return 0;
-
-
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
 }
 
 krb5_error_code
diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index 00c2116fc..732ec6405 100644
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -35,6 +35,7 @@ krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
                     const krb5_data *pass, const krb5_data *salt)
 {
     const EVP_MD *md = NULL;
+    int ok;
 
     /* Get the message digest handle corresponding to the hash. */
     if (hash == &krb5int_hash_sha1)
@@ -46,8 +47,8 @@ krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
     if (md == NULL)
         return KRB5_CRYPTO_INTERNAL;
 
-    PKCS5_PBKDF2_HMAC(pass->data, pass->length, (unsigned char *)salt->data,
-                      salt->length, count, md, out->length,
-                      (unsigned char *)out->data);
-    return 0;
+    ok = PKCS5_PBKDF2_HMAC(pass->data, pass->length,
+                           (unsigned char *)salt->data, salt->length, count,
+                           md, out->length, (unsigned char *)out->data);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
 }