crypto: ensure crypto initialization works

danielgustafsson · bagder · commit 22eb9893bc8f · 2023-08-08T10:44:01.000+02:00
Make sure that context initialization during hash setup works to avoid going forward with the risk of a null pointer dereference. Reported-by: Philippe Antoine on HackerOne Assisted-by: Jay Satiro Assisted-by: Daniel Stenberg Closes #11614
diff --git a/lib/curl_md4.h b/lib/curl_md4.h
@@ -25,13 +25,14 @@
  ***************************************************************************/
 
 #include "curl_setup.h"
+#include <curl/curl.h>
 
 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
 
 #define MD4_DIGEST_LENGTH 16
 
-void Curl_md4it(unsigned char *output, const unsigned char *input,
-                const size_t len);
+CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
+                    const size_t len);
 
 #endif /* !defined(CURL_DISABLE_CRYPTO_AUTH) */
 
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
@@ -419,6 +419,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
 {
   size_t len = strlen(password);
   unsigned char *pw;
+  CURLcode result;
   if(len > SIZE_T_MAX/2) /* avoid integer overflow */
     return CURLE_OUT_OF_MEMORY;
   pw = len ? malloc(len * 2) : (unsigned char *)strdup("");
@@ -428,12 +429,13 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
   ascii_to_unicode_le(pw, password, len);
 
   /* Create NT hashed password. */
-  Curl_md4it(ntbuffer, pw, 2 * len);
-  memset(ntbuffer + 16, 0, 21 - 16);
+  result = Curl_md4it(ntbuffer, pw, 2 * len);
+  if(!result)
+    memset(ntbuffer + 16, 0, 21 - 16);
 
   free(pw);
 
-  return CURLE_OK;
+  return result;
 }
 
 #if !defined(USE_WINDOWS_SSPI)
diff --git a/lib/md4.c b/lib/md4.c
@@ -42,6 +42,7 @@
 
 #ifdef USE_WOLFSSL
 #include <wolfssl/options.h>
+#define VOID_MD4_INIT
 #ifdef NO_MD4
 #define WOLFSSL_NO_MD4
 #endif
@@ -92,9 +93,10 @@
 
 typedef struct md4_ctx MD4_CTX;
 
-static void MD4_Init(MD4_CTX *ctx)
+static int MD4_Init(MD4_CTX *ctx)
 {
   md4_init(ctx);
+  return 1;
 }
 
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@@ -114,9 +116,9 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
 #elif defined(AN_APPLE_OS)
 typedef CC_MD4_CTX MD4_CTX;
 
-static void MD4_Init(MD4_CTX *ctx)
+static int MD4_Init(MD4_CTX *ctx)
 {
-  (void)CC_MD4_Init(ctx);
+  return CC_MD4_Init(ctx);
 }
 
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@@ -137,15 +139,22 @@ struct md4_ctx {
 };
 typedef struct md4_ctx MD4_CTX;
 
-static void MD4_Init(MD4_CTX *ctx)
+static int MD4_Init(MD4_CTX *ctx)
 {
   ctx->hCryptProv = 0;
   ctx->hHash = 0;
 
-  if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL,
-                         CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-    CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash);
+  if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL,
+                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+    return 0;
+
+  if(!CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash)) {
+    CryptReleaseContext(ctx->hCryptProv, 0);
+    ctx->hCryptProv = 0;
+    return 0;
   }
+
+  return 1;
 }
 
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@@ -176,10 +185,11 @@ struct md4_ctx {
 };
 typedef struct md4_ctx MD4_CTX;
 
-static void MD4_Init(MD4_CTX *ctx)
+static int MD4_Init(MD4_CTX *ctx)
 {
   ctx->data = NULL;
   ctx->size = 0;
+  return 1;
 }
 
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@@ -258,7 +268,7 @@ struct md4_ctx {
 };
 typedef struct md4_ctx MD4_CTX;
 
-static void MD4_Init(MD4_CTX *ctx);
+static int MD4_Init(MD4_CTX *ctx);
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
 static void MD4_Final(unsigned char *result, MD4_CTX *ctx);
 
@@ -397,7 +407,7 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
   return ptr;
 }
 
-static void MD4_Init(MD4_CTX *ctx)
+static int MD4_Init(MD4_CTX *ctx)
 {
   ctx->a = 0x67452301;
   ctx->b = 0xefcdab89;
@@ -406,6 +416,7 @@ static void MD4_Init(MD4_CTX *ctx)
 
   ctx->lo = 0;
   ctx->hi = 0;
+  return 1;
 }
 
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@@ -496,14 +507,21 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
 
 #endif /* CRYPTO LIBS */
 
-void Curl_md4it(unsigned char *output, const unsigned char *input,
-                const size_t len)
+CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
+                    const size_t len)
 {
   MD4_CTX ctx;
 
+#ifdef VOID_MD4_INIT
   MD4_Init(&ctx);
+#else
+  if(!MD4_Init(&ctx))
+    return CURLE_FAILED_INIT;
+#endif
+
   MD4_Update(&ctx, input, curlx_uztoui(len));
   MD4_Final(output, &ctx);
+  return CURLE_OK;
 }
 
 #endif /* USE_CURL_NTLM_CORE */
diff --git a/lib/md5.c b/lib/md5.c
@@ -213,7 +213,8 @@ static CURLcode my_md5_init(my_md5_ctx *ctx)
 
   if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) {
     CryptReleaseContext(ctx->hCryptProv, 0);
-    return CURLE_OUT_OF_MEMORY;
+    ctx->hCryptProv = 0;
+    return CURLE_FAILED_INIT;
   }
 
   return CURLE_OK;
diff --git a/lib/sha256.c b/lib/sha256.c
@@ -110,7 +110,10 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx)
   if(!ctx->openssl_ctx)
     return CURLE_OUT_OF_MEMORY;
 
-  EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL);
+  if(!EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL)) {
+    EVP_MD_CTX_destroy(ctx->openssl_ctx);
+    return CURLE_FAILED_INIT;
+  }
   return CURLE_OK;
 }
 
@@ -218,9 +221,14 @@ typedef struct sha256_ctx my_sha256_ctx;
 
 static CURLcode my_sha256_init(my_sha256_ctx *ctx)
 {
-  if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
-                         CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-    CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash);
+  if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
+                         CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+    return CURLE_OUT_OF_MEMORY;
+
+  if(!CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash)) {
+    CryptReleaseContext(ctx->hCryptProv, 0);
+    ctx->hCryptProv = 0;
+    return CURLE_FAILED_INIT;
   }
 
   return CURLE_OK;
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
@@ -4730,7 +4730,10 @@ static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
   mdctx = EVP_MD_CTX_create();
   if(!mdctx)
     return CURLE_OUT_OF_MEMORY;
-  EVP_DigestInit(mdctx, EVP_sha256());
+  if(!EVP_DigestInit(mdctx, EVP_sha256())) {
+    EVP_MD_CTX_destroy(mdctx);
+    return CURLE_FAILED_INIT;
+  }
   EVP_DigestUpdate(mdctx, tmp, tmplen);
   EVP_DigestFinal_ex(mdctx, sha256sum, &len);
   EVP_MD_CTX_destroy(mdctx);
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
@@ -1352,7 +1352,8 @@ static CURLcode wolfssl_sha256sum(const unsigned char *tmp, /* input */
 {
   wc_Sha256 SHA256pw;
   (void)unused;
-  wc_InitSha256(&SHA256pw);
+  if(wc_InitSha256(&SHA256pw))
+    return CURLE_FAILED_INIT;
   wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen);
   wc_Sha256Final(&SHA256pw, sha256sum);
   return CURLE_OK;

Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,8 @@ static CURLcode my_md5_init(my_md5_ctx *ctx)`
`213`	`213`
`214`	`214`	`if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) {`
`215`	`215`	`CryptReleaseContext(ctx->hCryptProv, 0);`
`216`		`- return CURLE_OUT_OF_MEMORY;`
	`216`	`+ ctx->hCryptProv = 0;`
	`217`	`+ return CURLE_FAILED_INIT;`
`217`	`218`	`}`
`218`	`219`
`219`	`220`	`return CURLE_OK;`