Merge pull request #378 from night1rider/KDF-missing-aes-init

ColtonWilley · web-flow · commit 7a01744b8e9f · 2026-04-02T14:29:45.000-07:00
Fix missing AES initialization in krb5 kdf
diff --git a/src/wp_krb5kdf.c b/src/wp_krb5kdf.c
@@ -446,7 +446,7 @@ static int wp_kdf_krb5kdf_derive(wp_Krb5kdfCtx* ctx, unsigned char* key,
     size_t osize = 0;
     size_t cipherLen = 0;
     int rc;
-    Aes aes;
+    Aes aes = {0};
     byte block[AES_BLOCK_SIZE];
     byte cipherBlock[AES_BLOCK_SIZE];
     byte *plain = NULL;
@@ -457,6 +457,13 @@ static int wp_kdf_krb5kdf_derive(wp_Krb5kdfCtx* ctx, unsigned char* key,
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    if (ok) {
+        rc = wc_AesInit(&aes, NULL, INVALID_DEVID);
+        if (rc != 0) {
+            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesInit", rc);
+            ok = 0;
+        }
+    }
     if (ok && (!wp_kdf_krb5kdf_set_ctx_params(ctx, params))) {
         ok = 0;
     }
