From cdf39f13699e1a8ad972d70e33ce31f1bbc5f497 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Sat, 15 Mar 2014 14:48:01 -0400
Subject: [PATCH] Fix DES3 PRF

RFC 3961 says the simplified profile PRF should truncate the hash output to "multiple of m", which MIT krb5 interprets as the largest possible multiple of m. RFC 6113 appendix A also uses that interpretation for the KRB-FX-CF2 test vector. So the DES3 PRF should truncate the 20-byte SHA-1 result to 16 bytes, not 8. Also make krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a non-zero PRF length.

Signed-off-by: Nicolas Williams
---
 lib/krb5/crypto-des3.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/crypto-des3.c b/lib/krb5/crypto-des3.c
index 5cbe4c05a..37fadf591 100644
--- a/lib/krb5/crypto-des3.c
+++ b/lib/krb5/crypto-des3.c
@@ -85,7 +85,7 @@ DES3_prf(krb5_context context,
 if (ret)
 krb5_abortx(context, "krb5_derive_key");
- ret = krb5_data_alloc(out, crypto->et->blocksize);
+ ret = krb5_data_alloc(out, crypto->et->prf_length);
 if (ret)
 krb5_abortx(context, "malloc failed");
@@ -96,7 +96,7 @@ DES3_prf(krb5_context context,
 EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
 EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
 EVP_Cipher(&ctx, out->data, result.checksum.data,
- crypto->et->blocksize);
+ crypto->et->prf_length);
 EVP_CIPHER_CTX_cleanup(&ctx);
 }
@@ -210,7 +210,7 @@ struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
 &_krb5_checksum_hmac_sha1_des3,
 F_DERIVED,
 _krb5_evp_encrypt,
- 0,
+ 16,
 DES3_prf
 };
-- 
2.11.4.GIT
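Review bot: The `EVP_Cipher` call in the second hunk now reads `crypto->et->prf_length` (16) bytes from `result.checksum.data`, and neither this hunk nor the first one shows a check that `result.checksum.length` is at least that long. If `DES3_prf` has an earlier guard that still compares the checksum length against `crypto->et->blocksize`, it should move to the new bound, for example `if (result.checksum.length < crypto->et->prf_length) krb5_abortx(context, "checksum shorter than PRF length");`, so the guard and the read length cannot drift apart. The return values of `EVP_CipherInit_ex` and `EVP_Cipher` are also ignored on these lines, so a cipher failure would leave `out` holding whatever `krb5_data_alloc` returned. `DES3_prf` begins and ends outside both hunks, so this is based on the visible lines only.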
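Review bot: The bare `16` in the `_krb5_enctype_des3_cbc_sha1` initializer carries two constraints that the table does not state: it must not exceed the 20-byte SHA-1 output, and it must be a multiple of the 8-byte DES3 block because `DES3_prf` passes it to `EVP_Cipher` as the length. A comment on the field would record that, e.g. `16, /* prf_length: largest multiple of the 8-byte block within SHA-1's 20 bytes (RFC 3961) */`. Because this changes the PRF output for the enctype, a regression test against the RFC 6113 appendix A KRB-FX-CF2 vector cited in the commit message would pin the value; the patch touches only `crypto-des3.c` and adds none. The initializer starts outside the hunk.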