Diffstat (limited to 'crypto/heimdal/kdc/kx509.c')
-rw-r--r-- | crypto/heimdal/kdc/kx509.c | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/crypto/heimdal/kdc/kx509.c b/crypto/heimdal/kdc/kx509.c
index 8d683d50a375..4694b098275d 100644
--- a/crypto/heimdal/kdc/kx509.c
+++ b/crypto/heimdal/kdc/kx509.c
@@ -64,7 +64,7 @@ verify_req_hash(krb5_context context,
 krb5_keyblock *key)
 {
 unsigned char digest[SHA_DIGEST_LENGTH];
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
 if (req->pk_hash.length != sizeof(digest)) {
 krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -73,16 +73,21 @@ verify_req_hash(krb5_context context,
 return KRB5KDC_ERR_PREAUTH_FAILED;
 }
- HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
+ ctx = HMAC_CTX_new();
+ if (ctx == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ "HMAC context malloc failed");
+ return ENOMEM;
+ }
+ HMAC_Init_ex(ctx,
 key->keyvalue.data, key->keyvalue.length,
 EVP_sha1(), NULL);
- if (sizeof(digest) != HMAC_size(&ctx))
+ if (sizeof(digest) != HMAC_size(ctx))
 krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
- HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
- HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
- HMAC_Final(&ctx, digest, 0);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
+ HMAC_Update(ctx, req->pk_key.data, req->pk_key.length);
+ HMAC_Final(ctx, digest, 0);
+ HMAC_CTX_free(ctx);
 if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
 krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
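Review bot: The return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are still ignored in verify_req_hash after the move to a heap-allocated context, so a failure in any of them leaves `digest` uninitialised before it is compared with `req->pk_hash.data`. A failed `HMAC_Init_ex` would presumably also reach the `HMAC_size(ctx)` check and end in `krb5_abortx` instead of returning an error to the caller. Each call should be checked and the context freed on failure, e.g. `if (HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL) != 1) { HMAC_CTX_free(ctx); return KRB5KDC_ERR_PREAUTH_FAILED; }`; the same applies to the calls in calculate_reply_hash in the next hunk. The `memcmp` on the digest in the trailing context is not constant-time either, and OpenSSL's `CRYPTO_memcmp` would avoid revealing where the first mismatching byte is. The function body continues past the end of this hunk.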
@@ -98,35 +103,40 @@ calculate_reply_hash(krb5_context context,
 Kx509Response *rep)
 {
 krb5_error_code ret;
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
- HMAC_CTX_init(&ctx);
+ ctx = HMAC_CTX_new();
+ if (ctx == NULL) {
+ krb5_set_error_message(context, ENOMEM,
+ "HMAC context malloc failed");
+ return ENOMEM;
+ }
- HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length,
 EVP_sha1(), NULL);
- ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
+ ret = krb5_data_alloc(rep->hash, HMAC_size(ctx));
 if (ret) {
- HMAC_CTX_cleanup(&ctx);
+ HMAC_CTX_free(ctx);
 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
 return ENOMEM;
 }
- HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+ HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
 if (rep->error_code) {
 int32_t t = *rep->error_code;
 do {
 unsigned char p = (t & 0xff);
- HMAC_Update(&ctx, &p, 1);
+ HMAC_Update(ctx, &p, 1);
 t >>= 8;
 } while (t);
 }
 if (rep->certificate)
- HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
+ HMAC_Update(ctx, rep->certificate->data, rep->certificate->length);
 if (rep->e_text)
- HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
+ HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
- HMAC_Final(&ctx, rep->hash->data, 0);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Final(ctx, rep->hash->data, 0);
+ HMAC_CTX_free(ctx);
 return 0;
 }
|
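Review bot: The error-code loop in calculate_reply_hash right-shifts a signed `int32_t t` and ends on `while (t)`; for a negative `*rep->error_code` the shift is implementation-defined, and with the usual arithmetic shift `t` settles at -1, so the loop would never terminate. Whether a negative code can reach this function is not visible in the hunk, but the commit touches the `HMAC_Update` call inside the loop and leaves the loop as it was. An unsigned temporary removes the question without changing the bytes hashed for non-negative codes: `uint32_t t = (uint32_t)*rep->error_code;`. A short comment above the loop stating the byte order being hashed (least-significant byte first, leading zero bytes dropped) would also help anyone checking interoperability.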