From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 5 Feb 2020 17:56:00 +0000 (-0500)
Subject: Don't assume OpenSSL failures are memory errors
X-Git-Tag: krb5-1.19-beta1~120
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1035%2Fhead;p=thirdparty%2Fkrb5.git

Don't assume OpenSSL failures are memory errors

More recent versions of OpenSSL can fail for other reasons.  Indicate
a crypto-related error occurred rather than a memory error to aid
debugging.

ticket: 8873 (new)
tags: pullup
target_version: 1.18
target_version: 1.17-next
---

diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
index 957ed8d9ca..1e0fb8fc3c 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -58,7 +58,7 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
     }
     ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
     EVP_MD_CTX_free(ctx);
-    return ok ? 0 : ENOMEM;
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
 }
 
 static krb5_error_code
diff --git a/src/lib/crypto/openssl/sha256.c b/src/lib/crypto/openssl/sha256.c
index 0edd8b7ba7..f9dfc85393 100644
--- a/src/lib/crypto/openssl/sha256.c
+++ b/src/lib/crypto/openssl/sha256.c
@@ -48,5 +48,5 @@ k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
         ok = ok && EVP_DigestUpdate(ctx, in[i].data, in[i].length);
     ok = ok && EVP_DigestFinal_ex(ctx, out, NULL);
     EVP_MD_CTX_free(ctx);
-    return ok ? 0 : ENOMEM;
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
 }