diff options
Diffstat (limited to 'src/lib/crypto/krb/prf/dk_prf.c')
-rw-r--r-- | src/lib/crypto/krb/prf/dk_prf.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c index 3c9a394..9851ce7 100644 --- a/src/lib/crypto/krb/prf/dk_prf.c +++ b/src/lib/crypto/krb/prf/dk_prf.c @@ -40,27 +40,29 @@ krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key, const struct krb5_enc_provider *enc = ktp->enc; const struct krb5_hash_provider *hash = ktp->hash; krb5_crypto_iov iov; - krb5_data prfconst = make_data("prf", 3); + krb5_data cksum = empty_data(), prfconst = make_data("prf", 3); krb5_key kp = NULL; krb5_error_code ret; /* Hash the input data into an allocated buffer. */ - iov.flags = KRB5_CRYPTO_TYPE_DATA; - ret = alloc_data(&iov.data, hash->hashsize); + ret = alloc_data(&cksum, hash->hashsize); if (ret != 0) - return ret; - ret = hash->hash(1, in, &iov.data); + goto cleanup; + iov.flags = KRB5_CRYPTO_TYPE_DATA; + iov.data = *in; + ret = hash->hash(&iov, 1, &cksum); if (ret != 0) goto cleanup; - /* Truncate the hash to the closest multiple of the block size. */ - iov.data.length = (iov.data.length / enc->block_size) * enc->block_size; - /* Derive a key using the PRF constant. */ ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst); if (ret != 0) goto cleanup; + /* Truncate the hash to the closest multiple of the block size. */ + iov.data.data = cksum.data; + iov.data.length = (hash->hashsize / enc->block_size) * enc->block_size; + /* Encrypt the truncated hash in the derived key to get the output. */ ret = ktp->enc->encrypt(kp, NULL, &iov, 1); if (ret != 0) @@ -68,7 +70,7 @@ krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key, memcpy(out->data, iov.data.data, out->length); cleanup: - zapfree(iov.data.data, hash->hashsize); + zapfree(cksum.data, hash->hashsize); krb5_k_free_key(NULL, kp); return ret; } |