remove some XXX markers

[mech_eap.orig] / util_krb.c

diff --git a/util_krb.c b/util_krb.c
index 3607ec5..34d6cb6 100644 (file)
--- a/util_krb.c
+++ b/util_krb.c
@@ -30,6 +30,10 @@
  * SUCH DAMAGE.
  */
 
+/*
+ * Kerberos 5 helpers.
+ */
+
 #include "gssapiP_eap.h"
 
 static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER;
@@ -73,12 +77,13 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
 }
 
 /*
- * Derive a key for RFC 4121 use by using the following
- * derivation function:
+ * Derive a key K for RFC 4121 use by using the following
+ * derivation function (based on RFC 4402);
  *
- *    random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
- *
- * where random-to-key and prf are defined in RFC 3961.
+ * KMSK = random-to-key(MSK)
+ * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
+ * L = output key size
+ * K = truncate(L, T1 || T2 || .. || Tn)
  */
 OM_uint32
 gssEapDeriveRfc3961Key(OM_uint32 *minor,
@@ -95,6 +100,8 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor,
     unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p;
     ssize_t i, remain;
 
+    assert(encryptionType != ENCTYPE_NULL);
+
     memset(pKey, 0, sizeof(*pKey));
 
     GSSEAP_KRB_INIT(&krbContext);
@@ -105,6 +112,9 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor,
     t.data = NULL;
     t.length = 0;
 
+    prfOut.data = NULL;
+    prfOut.length = 0;
+
     code = krb5_c_keylengths(krbContext, encryptionType,
                              &randomLength, &keyLength);
     if (code != 0)