From: Sam Hartman Date: Wed, 5 Oct 2011 21:30:24 +0000 (+0000) Subject: Make alg agility KDF work properly when the hash length differs from the key length X-Git-Tag: krb5-1.10-alpha1~69 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=57505380c1934b1979c80c744af8d74127503390;p=krb5.git Make alg agility KDF work properly when the hash length differs from the key length Signed-off-by: Margaret Wasserman git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25306 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index e6faff1b1..571e309ee 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -2326,7 +2326,7 @@ pkinit_alg_values(krb5_context context, } else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, krb5_pkinit_sha512_oid_len))) { - *hash_bytes = 32; + *hash_bytes = 64; *func = &EVP_sha512; return 0; } else { @@ -2371,6 +2371,8 @@ pkinit_alg_agility_kdf(krb5_context context, uint32_t counter = 1; /* Does this type work on Windows? */ size_t offset = 0; size_t hash_len = 0; + size_t rand_len = 0; + size_t key_len = 0; krb5_data random_data; krb5_sp80056a_other_info other_info_fields; krb5_pkinit_supp_pub_info supp_pub_info_fields; @@ -2386,14 +2388,18 @@ pkinit_alg_agility_kdf(krb5_context context, /* allocate and initialize the key block */ key_block->magic = 0; key_block->enctype = enctype; - if (0 != (retval = krb5_c_keylengths(context, enctype, - (size_t *)&(random_data.length), - (size_t *)&(key_block->length)))) + if (0 != (retval = krb5_c_keylengths(context, enctype, &rand_len, + &key_len))) goto cleanup; + + random_data.length = rand_len; + key_block->length = key_len; + if (NULL == (key_block->contents = malloc(key_block->length))) { retval = ENOMEM; goto cleanup; } + memset (key_block->contents, 0, key_block->length); /* If this is anonymous pkinit, use the anonymous principle for party_u_info */