author | Matthieu Patou <mat@matws.net> | 2010-08-15 18:31:28 +0400 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-10-03 01:15:04 +0000 |
commit | ab6e3fce040f9ad27cbce44e9038a24f15b601c8 (patch) | |
tree | ab99a431c9610927b5d0d26335d2712b509fd6dc /source4/heimdal/lib/krb5/pkinit.c | |
parent | 197a1514d62494cc8b862d169c841a26e04b8925 (diff) | |
s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382)
I based this on Matthieu's import of lorikeet-heimdal, and then
updated it to this commit.
Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib/krb5/pkinit.c')
-rw-r--r-- | source4/heimdal/lib/krb5/pkinit.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 6711c7702f..92c1200f06 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -1416,10 +1416,7 @@ pk_rd_pa_reply_dh(krb5_context context,
 }
- dh_gen_keylen = DH_size(ctx->u.dh);
- size = BN_num_bytes(ctx->u.dh->p);
- if (size < dh_gen_keylen)
- size = dh_gen_keylen;
+ size = DH_size(ctx->u.dh);
 dh_gen_key = malloc(size);
 if (dh_gen_key == NULL) {
@@ -1427,10 +1424,8 @@ pk_rd_pa_reply_dh(krb5_context context,
 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
 goto out;
 }
- memset(dh_gen_key, 0, size - dh_gen_keylen);
- dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
- kdc_dh_pubkey, ctx->u.dh);
+ dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh);
 if (dh_gen_keylen == -1) {
 ret = KRB5KRB_ERR_GENERIC;
 dh_gen_keylen = 0;
@@ -1438,6 +1433,12 @@ pk_rd_pa_reply_dh(krb5_context context,
 N_("PKINIT: Can't compute Diffie-Hellman key", ""));
 goto out;
 }
+ if (dh_gen_keylen < size) {
+ size -= dh_gen_keylen;
+ memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
+ memset(dh_gen_key, 0, size);
+ }
+
 } else {
 #ifdef HAVE_OPENSSL
 const EC_GROUP *group; |
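Review bot: The error test after the rewritten `DH_compute_key()` call still matches only `-1`, and the padding added in the next hunk now depends on that result being a sane length. The declarations are outside the hunk; if `dh_gen_keylen` is a signed int and `size` is unsigned, any other negative return would be converted to a large value in `dh_gen_keylen < size` and skip the padding, and a return of 0 would produce an all-zero secret in the freshly allocated buffer. I would reject every non-positive result with `if (dh_gen_keylen <= 0) {`. As this file is imported from Heimdal, the change would need to go upstream as well.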
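Review bot: After the new padding block, `dh_gen_keylen` still holds the unpadded length and `size` has been overwritten with the pad width, so neither variable describes the full buffer any more. The code that consumes `dh_gen_key` is outside the hunk; if it passes `dh_gen_keylen` as the length, a short result would be read as the leading zeros plus a truncated value instead of the whole padded secret, and a wipe sized by `dh_gen_keylen` would leave the tail of the key in memory. Keeping the pad width in its own local and ending the block with `dh_gen_keylen = size;` (with `size` left untouched) removes the ambiguity. A one-line comment such as `/* RFC 4556: left-pad the DH shared secret with zeros to the size of p */` above the `if` would also record why the shift is needed.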