From 164ca9ae93b10288a47e3f6d705e9eb16793f4be Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 25 Apr 2024 15:35:17 +0200
Subject: [PATCH] libcrypto: Check return values in KDF handling
Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/libcrypto.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/libcrypto.c b/src/libcrypto.c
index f45ffa96..33834dbd 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -169,13 +169,25 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
 #else
- EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
- EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);
- OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+ EVP_KDF_CTX *ctx = NULL;
+ OSSL_PARAM_BLD *param_bld = NULL;
 OSSL_PARAM *params = NULL;
- const char *md = sshkdf_digest_to_md(crypto->digest_type);
+ const char *md = NULL;
+ EVP_KDF *kdf = NULL;
+ md = sshkdf_digest_to_md(crypto->digest_type);
+ if (md == NULL) {
+ return -1;
+ }
+
+ kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
+ if (kdf == NULL) {
+ return -1;
+ }
+ ctx = EVP_KDF_CTX_new(kdf);
 EVP_KDF_free(kdf);
+
+ param_bld = OSSL_PARAM_BLD_new();
 if (param_bld == NULL) {
 EVP_KDF_CTX_free(ctx);
 return -1;
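Review bot: The result of `EVP_KDF_CTX_new(kdf)` is the one allocation in the OpenSSL 3 branch that this hunk leaves unchecked, while `md`, `kdf` and `param_bld` each get an early return. ssh_kdf's body starts before and continues past the hunk, so a `ctx == NULL` test may exist further down. If it does, it runs only after `param_bld` has been allocated, and that path then has to free the builder as well. Adding `if (ctx == NULL) { return -1; }` directly after `EVP_KDF_free(kdf);` would keep the failure handling next to the call and make the fail-closed behaviour of the key derivation visible in one place. The new early returns are also silent, so a one-line log on each would let an operator tell an unsupported digest type apart from a provider that cannot supply "SSHKDF".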