1 files changed, 8 insertions, 11 deletions

diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.cpp b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
index 31945f6e9a6..cf7f2cdeaa5 100644
--- a/src/mongo/db/auth/sasl_plain_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
@@ -28,7 +28,6 @@
 
 #include "mongo/db/auth/sasl_plain_server_conversation.h"
 
-#include "mongo/base/secure_allocator.h"
 #include "mongo/crypto/mechanism_scram.h"
 #include "mongo/db/auth/sasl_authentication_session.h"
 #include "mongo/util/base64.h"
@@ -115,18 +114,16 @@ StatusWith<bool> SaslPLAINServerConversation::step(StringData inputData, std::st
         }
     } else {
         // Handle schemaVersion28SCRAM (SCRAM only mode)
-        unsigned char storedKey[scram::hashSize];
-        unsigned char serverKey[scram::hashSize];
-
-        scram::generateSecrets(
+        std::string decodedSalt = base64::decode(creds.scram.salt);
+        scram::SCRAMSecrets secrets = scram::generateSecrets(scram::SCRAMPresecrets(
             authDigest,
-            reinterpret_cast<const unsigned char*>(base64::decode(creds.scram.salt).c_str()),
-            16,
-            creds.scram.iterationCount,
-            storedKey,
-            serverKey);
+            std::vector<std::uint8_t>(reinterpret_cast<const std::uint8_t*>(decodedSalt.c_str()),
+                                      reinterpret_cast<const std::uint8_t*>(decodedSalt.c_str()) +
+                                          16),
+            creds.scram.iterationCount));
         if (creds.scram.storedKey !=
-            base64::encode(reinterpret_cast<const char*>(storedKey), scram::hashSize)) {
+            base64::encode(reinterpret_cast<const char*>(secrets.storedKey->data()),
+                           secrets.storedKey->size())) {
             return StatusWith<bool>(ErrorCodes::AuthenticationFailed,
                                     mongoutils::str::stream() << "Incorrect user name or password");
         }