From 576548664f25fe4334ee169cbf633b3ee73893e4 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 20 Jul 2010 22:28:35 +0000
Subject: [PATCH] pull up r24137 from trunk

 ------------------------------------------------------------------------
 r24137 | ghudson | 2010-06-14 16:46:27 -0400 (Mon, 14 Jun 2010) | 7 lines

 ticket: 6738
 target_version: 1.8.3
 tags: pullup

 In PKINIT, notice if DH_compute_key() returns a value less than the
 buffer size, and pad it on the left if so.

ticket: 6738
version_fixed: 1.8.3
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24194 dc483132-0cff-0310-8789-dd5450dbe970
---
 .../preauth/pkinit/pkinit_crypto_openssl.c    | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index d000466e3..af09d69f9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2092,6 +2092,22 @@ cleanup:
     return retval;
 }
 
+/* Call DH_compute_key() and ensure that we left-pad short results instead of
+ * leaving junk bytes at the end of the buffer. */
+static void
+compute_dh(unsigned char *buf, int size, BIGNUM *server_pub_key, DH *dh)
+{
+    int len, pad;
+
+    len = DH_compute_key(buf, server_pub_key, dh);
+    assert(len >= 0 && len <= size);
+    if (len < size) {
+        pad = size - len;
+        memmove(buf + pad, buf, len);
+        memset(buf, 0, pad);
+    }
+}
+
 krb5_error_code
 client_create_dh(krb5_context context,
                  pkinit_plg_crypto_context plg_cryptoctx,
@@ -2243,7 +2259,7 @@ client_process_dh(krb5_context context,
     if ((server_pub_key = ASN1_INTEGER_to_BN(pub_key, NULL)) == NULL)
         goto cleanup;
 
-    DH_compute_key(*client_key, server_pub_key, cryptoctx->dh);
+    compute_dh(*client_key, *client_key_len, server_pub_key, cryptoctx->dh);
 #ifdef DEBUG_DH
     print_pubkey(server_pub_key, "server's pub_key=");
     pkiDebug("client secret key (%d)= ", *client_key_len);
@@ -2378,7 +2394,7 @@ server_process_dh(krb5_context context,
     *server_key_len = DH_size(dh_server);
     if ((*server_key = malloc(*server_key_len)) == NULL)
         goto cleanup;
-    DH_compute_key(*server_key, dh->pub_key, dh_server);
+    compute_dh(*server_key, *server_key_len, dh->pub_key, dh_server);
 
 #ifdef DEBUG_DH
     print_dh(dh_server, "client&server's DH params\n");
-- 
2.26.2