diff options
Diffstat (limited to 'source4/heimdal/lib/krb5/crypto-pk.c')
-rw-r--r-- | source4/heimdal/lib/krb5/crypto-pk.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/source4/heimdal/lib/krb5/crypto-pk.c b/source4/heimdal/lib/krb5/crypto-pk.c index eb783c8998..7fedb65c9e 100644 --- a/source4/heimdal/lib/krb5/crypto-pk.c +++ b/source4/heimdal/lib/krb5/crypto-pk.c @@ -110,7 +110,7 @@ encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data) { KRB5PrincipalName pn; krb5_error_code ret; - size_t size; + size_t size = 0; pn.principalName = p->name; pn.realm = p->realm; @@ -143,7 +143,7 @@ encode_otherinfo(krb5_context context, PkinitSuppPubInfo pubinfo; krb5_error_code ret; krb5_data pub; - size_t size; + size_t size = 0; krb5_data_zero(other); memset(&otherinfo, 0, sizeof(otherinfo)); @@ -192,6 +192,8 @@ encode_otherinfo(krb5_context context, return 0; } + + krb5_error_code _krb5_pk_kdf(krb5_context context, const struct AlgorithmIdentifier *ai, @@ -211,10 +213,17 @@ _krb5_pk_kdf(krb5_context context, size_t keylen, offset; uint32_t counter; unsigned char *keydata; - unsigned char shaoutput[SHA_DIGEST_LENGTH]; + unsigned char shaoutput[SHA512_DIGEST_LENGTH]; + const EVP_MD *md; EVP_MD_CTX *m; - if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) != 0) { + if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) { + md = EVP_sha1(); + } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) { + md = EVP_sha256(); + } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) { + md = EVP_sha512(); + } else { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("KDF not supported", "")); return KRB5_PROG_ETYPE_NOSUPP; @@ -264,7 +273,7 @@ _krb5_pk_kdf(krb5_context context, do { unsigned char cdata[4]; - EVP_DigestInit_ex(m, EVP_sha1(), NULL); + EVP_DigestInit_ex(m, md, NULL); _krb5_put_int(cdata, counter, 4); EVP_DigestUpdate(m, cdata, 4); EVP_DigestUpdate(m, dhdata, dhsize); @@ -274,9 +283,9 @@ _krb5_pk_kdf(krb5_context context, memcpy((unsigned char *)keydata + offset, shaoutput, - min(keylen - offset, sizeof(shaoutput))); + min(keylen - offset, EVP_MD_CTX_size(m))); - offset += sizeof(shaoutput); + offset += EVP_MD_CTX_size(m); counter++; } while(offset < keylen); memset(shaoutput, 0, sizeof(shaoutput)); |