[17031] in Kerberos-V5-bugs
[krbdev.mit.edu #9180] pkinit preauth plugin create_signature calls
daemon@ATHENA.MIT.EDU (David Morash via RT)
Thu Jul 17 14:10:41 2025
From: "David Morash via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To: <670a498f-142f-427e-b871-6b79df7f1dd4@runbox.com>
Message-ID: <rt-4.4.3-2-2837457-1752775834-1231.9180-4-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9180":;
Content-Type: multipart/mixed; boundary="----------=_1752775834-2837457-0"
Date: Thu, 17 Jul 2025 14:10:34 -0400
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Errors-To: krb5-bugs-bounces@mit.edu
Thu Jul 17 14:10:34 2025: Request 9180 was acted upon.
Transaction: Ticket created by davidmorash@runbox.com
Queue: krb5
Subject: pkinit preauth plugin create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size()
Owner: Nobody
Requestors: davidmorash@runbox.com
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9180 >
I wasn't able to build krb5 against openssl 3.2.5 as the pkinit plugin
create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size().
Other functions in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
call EVP_PKEY_get_size(), so I assume this is just a missed renaming.
Patch attached if this is of any use.
Let me know if there is a better process to follow here.
------------=_1752775834-2837457-0
Content-Type: text/plain;
charset="utf-8";
name="pkinit-plugin-EVP_PKEY_get_size.patch"
Content-Disposition: attachment;
filename="pkinit-plugin-EVP_PKEY_get_size.patch"
Content-Transfer-Encoding: 7bit
RT-Attachment: 9180/103681/25861
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index cb9c79626..22e7df505 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4038,7 +4038,7 @@ create_signature(unsigned char **sig, unsigned int *sig_len,
return ENOMEM;
EVP_SignInit(ctx, EVP_sha256());
EVP_SignUpdate(ctx, data, data_len);
- *sig_len = EVP_PKEY_size(pkey);
+ *sig_len = EVP_PKEY_get_size(pkey);
if ((*sig = malloc(*sig_len)) == NULL)
goto cleanup;
EVP_SignFinal(ctx, *sig, sig_len, pkey);
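Review bot: In create_signature, the value returned by EVP_PKEY_get_size(pkey) is stored straight into the unsigned *sig_len and handed to malloc() without checking for a zero or negative result, and the return values of EVP_SignInit, EVP_SignUpdate and EVP_SignFinal in the surrounding context lines are ignored as well. The rename itself is consistent with the other callers the report mentions, but since this line is being touched, consider reading the size into an int, jumping to cleanup when it is <= 0, and checking that EVP_SignFinal returns 1 before *sig and *sig_len are treated as a valid signature. Because EVP_PKEY_get_size() first appeared in OpenSSL 3.0, it is also worth confirming that the file's existing compatibility handling for older OpenSSL builds covers this call site.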