s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382)

I based this on Matthieu's import of lorikeet-heimdal, and then
updated it to this commit.

Andrew Bartlett

1 files changed, 8 insertions, 8 deletions

diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 4405bf4f19..9c0be23b14 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -227,10 +227,7 @@ generate_dh_keyblock(krb5_context context,
 	    goto out;
 	}
 
-	dh_gen_keylen = DH_size(client_params->u.dh.key);
-	size = BN_num_bytes(client_params->u.dh.key->p);
-	if (size < dh_gen_keylen)
-	    size = dh_gen_keylen;
+	size = DH_size(client_params->u.dh.key);
 
 	dh_gen_key = malloc(size);
 	if (dh_gen_key == NULL) {
@@ -238,17 +235,20 @@ generate_dh_keyblock(krb5_context context,
 	    krb5_set_error_message(context, ret, "malloc: out of memory");
 	    goto out;
 	}
-	memset(dh_gen_key, 0, size - dh_gen_keylen);
 
-	dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
-				       client_params->u.dh.public_key,
-				       client_params->u.dh.key);
+	dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
 	if (dh_gen_keylen == -1) {
 	    ret = KRB5KRB_ERR_GENERIC;
 	    krb5_set_error_message(context, ret,
 				   "Can't compute Diffie-Hellman key");
 	    goto out;
 	}
+	if (dh_gen_keylen < size) {
+	    size -= dh_gen_keylen;
+	    memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
+	    memset(dh_gen_key, 0, size);
+	}
+
 	ret = 0;
 #ifdef HAVE_OPENSSL
     } else if (client_params->keyex == USE_ECDH) {