oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

DH_compute_key might not include zero pre-filling, add it back. Reported by Tom Yu of MIT Kerberos

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-06-28 21:50:43 +02:00
parent 18303dcd72
commit 6e05462c1e
2 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
kdc/pkinit.c
View File

@@ -227,10 +227,7 @@ generate_dh_keyblock(krb5_context context,
goto out;
}
dh_gen_keylen = DH_size(client_params->u.dh.key);
size = BN_num_bytes(client_params->u.dh.key->p);
if (size < dh_gen_keylen)
size = dh_gen_keylen;
size = DH_size(client_params->u.dh.key);
dh_gen_key = malloc(size);
if (dh_gen_key == NULL) {
@@ -238,17 +235,20 @@ generate_dh_keyblock(krb5_context context,
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
memset(dh_gen_key, 0, size - dh_gen_keylen);
dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
client_params->u.dh.public_key,
client_params->u.dh.key);
dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
if (dh_gen_keylen == -1) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"Can't compute Diffie-Hellman key");
goto out;
}
if (dh_gen_keylen < size) {
size -= dh_gen_keylen;
memmove(dh_gen_key + size, dh_gen_key, size);
memset(dh_gen_key, 0, size);
}
ret = 0;
#ifdef HAVE_OPENSSL
} else if (client_params->keyex == USE_ECDH) {

15
lib/krb5/pkinit.c
View File

@@ -1416,10 +1416,7 @@ pk_rd_pa_reply_dh(krb5_context context,
}
dh_gen_keylen = DH_size(ctx->u.dh);
size = BN_num_bytes(ctx->u.dh->p);
if (size < dh_gen_keylen)
size = dh_gen_keylen;
size = DH_size(ctx->u.dh);
dh_gen_key = malloc(size);
if (dh_gen_key == NULL) {
@@ -1427,10 +1424,8 @@ pk_rd_pa_reply_dh(krb5_context context,
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
goto out;
}
memset(dh_gen_key, 0, size - dh_gen_keylen);
dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
kdc_dh_pubkey, ctx->u.dh);
dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh);
if (dh_gen_keylen == -1) {
ret = KRB5KRB_ERR_GENERIC;
dh_gen_keylen = 0;
@@ -1438,6 +1433,12 @@ pk_rd_pa_reply_dh(krb5_context context,
N_("PKINIT: Can't compute Diffie-Hellman key", ""));
goto out;
}
if (dh_gen_keylen < size) {
size -= dh_gen_keylen;
memmove(dh_gen_key + size, dh_gen_key, size);
memset(dh_gen_key, 0, size);
}
} else {
#ifdef HAVE_OPENSSL
const EC_GROUP *group;