diff options
Diffstat (limited to 'src/lib/crypto/builtin/aes/aes_s2k.c')
-rw-r--r-- | src/lib/crypto/builtin/aes/aes_s2k.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c index 36045edc0d..76d73c6357 100644 --- a/src/lib/crypto/builtin/aes/aes_s2k.c +++ b/src/lib/crypto/builtin/aes/aes_s2k.c @@ -44,6 +44,7 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc, unsigned long iter_count; krb5_data out; static const krb5_data usage = { KV5M_DATA, 8, "kerberos" }; + krb5_key tempkey = NULL; krb5_error_code err; if (params) { @@ -66,25 +67,25 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc, if (iter_count >= MAX_ITERATION_COUNT) return KRB5_ERR_BAD_S2K_PARAMS; - /* - * Dense key space, no parity bits or anything, so take a shortcut - * and use the key contents buffer for the generated bytes. - */ + /* Use the output keyblock contents for temporary space. */ out.data = (char *) key->contents; out.length = key->length; if (out.length != 16 && out.length != 32) return KRB5_CRYPTO_INTERNAL; err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt); - if (err) { - memset(out.data, 0, out.length); - return err; - } + if (err) + goto cleanup; - err = krb5_derive_key (enc, key, key, &usage); - if (err) { - memset(out.data, 0, out.length); - return err; - } - return 0; + err = krb5_k_create_key (NULL, key, &tempkey); + if (err) + goto cleanup; + + err = krb5_derive_keyblock (enc, tempkey, key, &usage); + +cleanup: + if (err) + memset (out.data, 0, out.length); + krb5_k_free_key (NULL, tempkey); + return err; } |