goto cleanup;
}
}
-
if ((rep9 != NULL &&
rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
- retval = pkinit_octetstring2key(context, enctype, server_key,
- server_key_len, encrypting_key);
- if (retval) {
- pkiDebug("pkinit_octetstring2key failed: %s\n",
- error_message(retval));
- goto cleanup;
- }
+
+ /*
+ * This is DH, so don't generate the key until after we
+ * encode the reply, because the encoded reply is needed
+ * to generate the key in some cases.
+ */
dhkey_info.subjectPublicKey.length = dh_pubkey_len;
dhkey_info.subjectPublicKey.data = dh_pubkey;
}
break;
}
+
} else {
pkiDebug("received RSA key delivery AS REQ\n");
"/tmp/kdc_as_rep");
#endif
+ /* If this is DH, we haven't computed the key yet, so do it now. */
+ if ((rep9 != NULL &&
+ rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
+ (rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
+ retval = pkinit_octetstring2key(context, enctype, server_key,
+ server_key_len, encrypting_key);
+ if (retval) {
+ pkiDebug("pkinit_octetstring2key failed: %s\n",
+ error_message(retval));
+ goto cleanup;
+ }
+ }
+
*send_pa = malloc(sizeof(krb5_pa_data));
if (*send_pa == NULL) {
retval = ENOMEM;
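Review bot: The DH test added in front of the `pkinit_octetstring2key` call repeats, token for token, the condition that still guards the `dhkey_info` setup in the earlier hunk, and nothing ties the two copies together. If one copy is later changed without the other (a new reply choice, for example), a DH reply could be encoded and returned without `encrypting_key` ever being derived, which would presumably leave the reply key as the caller passed it in. Evaluating the condition once into a local and testing that local in both places removes the risk: `int is_dh = (rep9 != NULL && rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) || (rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo);` and then `if (is_dh) {`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that `cleanup` releases the already-encoded reply and the DH secret in `server_key` on this new failure path.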