[krbdev.mit.edu #9180] pkinit preauth plugin create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size()
David Morash via RT
rt-comment at kerborg-prod-app-1.mit.edu
Thu Jul 17 14:10:34 EDT 2025
Thu Jul 17 14:10:34 2025: Request 9180 was acted upon.
Transaction: Ticket created by davidmorash at runbox.com
Queue: krb5
Subject: pkinit preauth plugin create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size()
Owner: Nobody
Requestors: davidmorash at runbox.com
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9180 >
I wasn't able to build krb5 against openssl 3.2.5 as the pkinit plugin
create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size().
Other functions in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
call EVP_PKEY_get_size(), so I assume this is just a missed renaming.
Patch attached if this is of any use.
Let me know if there is a better process to follow here.
-------------- next part --------------
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index cb9c79626..22e7df505 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4038,7 +4038,7 @@ create_signature(unsigned char **sig, unsigned int *sig_len,
return ENOMEM;
EVP_SignInit(ctx, EVP_sha256());
EVP_SignUpdate(ctx, data, data_len);
- *sig_len = EVP_PKEY_size(pkey);
+ *sig_len = EVP_PKEY_get_size(pkey);
if ((*sig = malloc(*sig_len)) == NULL)
goto cleanup;
EVP_SignFinal(ctx, *sig, sig_len, pkey);
More information about the krb5-bugs
mailing list