oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Check HMAC_Init_ex() return value

Browse Source
This commit is contained in:
Nicolas Williams
2022-01-12 21:10:45 -06:00
parent 52f3dc6aa4
commit 05e8c0ede6
11 changed files with 125 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
kdc/httpkadmind.c
View File

@@ -1740,15 +1740,22 @@ mac_csrf_token(kadmin_request_desc r, krb5_storage *sp)
ret = krb5_enomem(r->context);
/* HMAC the token body and the client principal name */
if (ret == 0) {
HMAC_Init_ex(ctx, princ.key_data[i].key_data_contents[0], princ.key_data[i].key_data_length[0], EVP_sha256(), NULL);
HMAC_Update(ctx, data.data, data.length);
HMAC_Update(ctx, r->cname, strlen(r->cname));
HMAC_Final(ctx, mac, &maclen);
krb5_data_free(&data);
data.length = maclen;
data.data = mac;
if (krb5_storage_write(sp, mac, maclen) != maclen)
if (HMAC_Init_ex(ctx, princ.key_data[i].key_data_contents[0],
princ.key_data[i].key_data_length[0], EVP_sha256(),
NULL) == 0) {
HMAC_CTX_cleanup(ctx);
ret = krb5_enomem(r->context);
} else {
HMAC_Update(ctx, data.data, data.length);
HMAC_Update(ctx, r->cname, strlen(r->cname));
HMAC_Final(ctx, mac, &maclen);
HMAC_CTX_cleanup(ctx);
krb5_data_free(&data);
data.length = maclen;
data.data = mac;
if (krb5_storage_write(sp, mac, maclen) != maclen)
ret = krb5_enomem(r->context);
}
}
krb5_free_principal(r->context, p);
if (freeit)

19
kdc/kx509.c
View File

@@ -157,9 +157,11 @@ verify_req_hash(krb5_context context,
}
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx,
key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
if (HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL) == 0) {
HMAC_CTX_cleanup(&ctx);
return krb5_enomem(context);
}
if (sizeof(digest) != HMAC_size(&ctx))
krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
@@ -186,14 +188,17 @@ calculate_reply_hash(krb5_context context,
krb5_keyblock *key,
Kx509Response *rep)
{
krb5_error_code ret;
krb5_error_code ret = 0;
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
if (HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL) == 0)
ret = krb5_enomem(context);
if (ret == 0)
ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
if (ret) {
HMAC_CTX_cleanup(&ctx);
return krb5_enomem(context);

5
lib/gssapi/ntlm/crypto.c
View File

@@ -194,7 +194,10 @@ v2_sign_message(gss_buffer_t in,
HMAC_CTX c;
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL);
if (HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL) == 0) {
HMAC_CTX_cleanup(&c);
return GSS_S_FAILURE;
}
encode_le_uint32(seq, hmac);
HMAC_Update(&c, hmac, 4);

5
lib/hcrypto/hmac.c
View File

@@ -167,7 +167,10 @@ HMAC(const EVP_MD *md,
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key, key_size, md, NULL);
if (HMAC_Init_ex(&ctx, key, key_size, md, NULL) == 0) {
HMAC_CTX_cleanup(&ctx);
return NULL;
}
HMAC_Update(&ctx, data, data_size);
HMAC_Final(&ctx, hash, hash_len);
HMAC_CTX_cleanup(&ctx);

6
lib/hcrypto/test_hmac.c
View File

@@ -51,7 +51,11 @@ main(int argc, char **argv)
"\x6f\xd1\x52\x4d\x54\x58\x73\x0f\xf3\x24";
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL);
if (HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL) == 0) {
HMAC_CTX_cleanup(&c);
printf("out of memory\n");
return 1;
}
HMAC_Update(&c, buf, sizeof(buf));
HMAC_Final(&c, hmac, &hmaclen);
HMAC_CTX_cleanup(&c);

3
lib/hcrypto/validate.c
View File

@@ -276,7 +276,8 @@ check_hmac(void)
"\x6f\xd1\x52\x4d\x54\x58\x73\x0f\xf3\x24";
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL);
if (HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL) == 0)
errx(1, "HMAC_Init_ex() out of memory");
HMAC_Update(&c, buf, sizeof(buf));
HMAC_Final(&c, hmac, &hmaclen);
HMAC_CTX_cleanup(&c);

6
lib/kafs/rxkad_kdf.c
View File

@@ -89,12 +89,16 @@ rxkad_derive_des_key(const void *in, size_t insize, char out[8])
/* stop when 8 bit counter wraps to 0 */
for (i = 1; i; i++) {
HMAC_CTX_init(&mctx);
HMAC_Init_ex(&mctx, in, insize, EVP_md5(), NULL);
if (HMAC_Init_ex(&mctx, in, insize, EVP_md5(), NULL) == 0) {
HMAC_CTX_cleanup(&mctx);
return ENOMEM;
}
HMAC_Update(&mctx, &i, 1);
HMAC_Update(&mctx, label, sizeof(label)); /* includes label and separator */
HMAC_Update(&mctx, Lbuf, 4);
mdsize = sizeof(tmp);
HMAC_Final(&mctx, tmp, &mdsize);
HMAC_CTX_cleanup(&mctx);
memcpy(ktmp, tmp, 8);
DES_set_odd_parity(&ktmp);
if (!DES_is_weak_key(&ktmp)) {

7
lib/krb5/crypto-evp.c
View File

@@ -137,8 +137,11 @@ _krb5_evp_hmac_iov(krb5_context context,
if (ctx == NULL)
return krb5_enomem(context);
HMAC_Init_ex(ctx, key->key->keyvalue.data, key->key->keyvalue.length,
md, engine);
if (HMAC_Init_ex(ctx, key->key->keyvalue.data, key->key->keyvalue.length,
md, engine) == 0) {
HMAC_CTX_free(ctx);
return krb5_enomem(context);
}
for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i])) {

38
lib/krb5/kx509.c
View File

@@ -848,21 +848,28 @@ mk_kx509_req(krb5_context context,
/* Add the the key and HMAC to the message */
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, kx509_ctx->hmac_key->keyvalue.data,
kx509_ctx->hmac_key->keyvalue.length, EVP_sha1(), NULL);
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
if (private_key || kx509_ctx->given_csr.data) {
HMAC_Update(&ctx, kx509_req.pk_key.data, kx509_req.pk_key.length);
if (HMAC_Init_ex(&ctx, kx509_ctx->hmac_key->keyvalue.data,
kx509_ctx->hmac_key->keyvalue.length,
EVP_sha1(), NULL) == 0) {
HMAC_CTX_cleanup(&ctx);
ret = krb5_enomem(context);
} else {
/* Probe */
HMAC_Update(&ctx, kx509_req.authenticator.data, kx509_req.authenticator.length);
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
if (private_key || kx509_ctx->given_csr.data) {
HMAC_Update(&ctx, kx509_req.pk_key.data, kx509_req.pk_key.length);
} else {
/* Probe */
HMAC_Update(&ctx, kx509_req.authenticator.data, kx509_req.authenticator.length);
}
HMAC_Final(&ctx, kx509_req.pk_hash.data, 0);
HMAC_CTX_cleanup(&ctx);
}
HMAC_Final(&ctx, kx509_req.pk_hash.data, 0);
HMAC_CTX_cleanup(&ctx);
/* Encode the message, prefix `version_2_0', output the result */
ASN1_MALLOC_ENCODE(Kx509Request, pre_req.data, pre_req.length, &kx509_req, &len, ret);
ret = krb5_data_alloc(req, pre_req.length + sizeof(version_2_0));
if (ret == 0)
ASN1_MALLOC_ENCODE(Kx509Request, pre_req.data, pre_req.length, &kx509_req, &len, ret);
if (ret == 0)
ret = krb5_data_alloc(req, pre_req.length + sizeof(version_2_0));
if (ret == 0) {
memcpy(req->data, version_2_0, sizeof(version_2_0));
memcpy(((unsigned char *)req->data) + sizeof(version_2_0),
@@ -984,8 +991,13 @@ rd_kx509_resp(krb5_context context,
}
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, kx509_ctx->hmac_key->keyvalue.data,
kx509_ctx->hmac_key->keyvalue.length, EVP_sha1(), NULL);
if (HMAC_Init_ex(&ctx, kx509_ctx->hmac_key->keyvalue.data,
kx509_ctx->hmac_key->keyvalue.length, EVP_sha1(), NULL) == 0) {
free_Kx509Response(&r);
HMAC_CTX_cleanup(&ctx);
return krb5_enomem(context);
}
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
{

5
lib/krb5/sp800-108-kdf.c
View File

@@ -73,7 +73,10 @@ _krb5_SP800_108_HMAC_KDF(krb5_context context,
unsigned char tmp[4];
size_t len;
HMAC_Init_ex(&c, kdf_K1->data, kdf_K1->length, md, NULL);
if (HMAC_Init_ex(&c, kdf_K1->data, kdf_K1->length, md, NULL) == 0) {
HMAC_CTX_cleanup(&c);
return krb5_enomem(context);
}
_krb5_put_int(tmp, i + 1, 4);
HMAC_Update(&c, tmp, 4);

73
lib/ntlm/ntlm.c
View File

@@ -1324,7 +1324,10 @@ heim_ntlm_v2_base_session(void *key, size_t len,
/* Note: key is the NTLMv2 key */
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
if (HMAC_Init_ex(&c, key, len, EVP_md5(), NULL) == 0) {
HMAC_CTX_cleanup(&c);
return ENOMEM;
}
HMAC_Update(&c, ntlmResponse->data, 16);
HMAC_Final(&c, session->data, &hmaclen);
HMAC_CTX_cleanup(&c);
@@ -1443,7 +1446,7 @@ heim_ntlm_build_ntlm2_master(void *key, size_t len,
ret = heim_ntlm_v2_base_session(key, len, blob, &sess);
if (ret)
return ret;
return ret;
ret = heim_ntlm_keyex_wrap(&sess, session, master);
heim_ntlm_free_buf(&sess);
@@ -1523,25 +1526,26 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len,
{
int ret;
unsigned int hmaclen;
struct ntlm_buf buf;
HMAC_CTX c;
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
{
struct ntlm_buf buf;
/* uppercase username and turn it into ucs2-le */
ret = ascii2ucs2le(username, 1, &buf);
if (ret)
goto out;
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
/* turn target into ucs2-le */
ret = ascii2ucs2le(target, upper_case_target, &buf);
if (ret)
goto out;
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
if (HMAC_Init_ex(&c, key, len, EVP_md5(), NULL) == 0) {
ret = ENOMEM;
goto out;
}
/* uppercase username and turn it into ucs2-le */
ret = ascii2ucs2le(username, 1, &buf);
if (ret)
goto out;
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
/* turn target into ucs2-le */
ret = ascii2ucs2le(target, upper_case_target, &buf);
if (ret)
goto out;
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
HMAC_Final(&c, ntlmv2, &hmaclen);
out:
HMAC_CTX_cleanup(&c);
@@ -1599,6 +1603,7 @@ heim_ntlm_calculate_lm2(const void *key, size_t len,
struct ntlm_buf *answer)
{
unsigned char clientchallenge[8];
krb5_error_code ret;
if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
return HNTLM_ERR_RAND;
@@ -1612,12 +1617,12 @@ heim_ntlm_calculate_lm2(const void *key, size_t len,
return ENOMEM;
answer->length = 24;
heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8,
serverchallenge, answer->data);
ret = heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8,
serverchallenge, answer->data);
if (ret == 0)
memcpy(((unsigned char *)answer->data) + 16, clientchallenge, 8);
memcpy(((unsigned char *)answer->data) + 16, clientchallenge, 8);
return 0;
return ret;
}
@@ -1695,7 +1700,10 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len,
krb5_storage_free(sp);
sp = NULL;
heim_ntlm_derive_ntlm2_sess(ntlmv2, data.data, data.length, serverchallenge, ntlmv2answer);
ret = heim_ntlm_derive_ntlm2_sess(ntlmv2, data.data, data.length,
serverchallenge, ntlmv2answer);
if (ret)
return ret;
sp = krb5_storage_emem();
if (sp == NULL) {
@@ -1809,10 +1817,13 @@ verify_ntlm2(const void *key, size_t len,
goto out;
}
heim_ntlm_derive_ntlm2_sess(ntlmv2,
((unsigned char *)answer->data) + 16, answer->length - 16,
serverchallenge,
serveranswer);
ret = heim_ntlm_derive_ntlm2_sess(ntlmv2,
((unsigned char *)answer->data) + 16,
answer->length - 16,
serverchallenge,
serveranswer);
if (ret)
goto out;
if (memcmp(serveranswer, clientanswer, 16) != 0) {
heim_ntlm_free_buf(infotarget);
@@ -1995,7 +2006,7 @@ heim_ntlm_calculate_ntlm2_sess_hash(const unsigned char clnt_nonce[8],
* @ingroup ntlm_core
*/
void
int
heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
const unsigned char *clnt_nonce, size_t clnt_nonce_length,
const unsigned char svr_chal[8],
@@ -2006,10 +2017,14 @@ heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
/* HMAC(Ksession, serverchallenge || clientchallenge) */
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, sessionkey, 16, EVP_md5(), NULL);
if (HMAC_Init_ex(&c, sessionkey, 16, EVP_md5(), NULL) == 0) {
HMAC_CTX_cleanup(&c);
return ENOMEM;
}
HMAC_Update(&c, svr_chal, 8);
HMAC_Update(&c, clnt_nonce, clnt_nonce_length);
HMAC_Final(&c, derivedkey, &hmaclen);
HMAC_CTX_cleanup(&c);
memset(&c, 0, sizeof(c));
return 0;
}