author | Greg Hudson <ghudson@mit.edu> | 2013-02-03 13:21:34 -0500 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2013-02-22 17:10:49 -0500 |
commit | 0f105749b7821ae8675888e96a949b8d21862840 (patch) | |
tree | c67fe4a71e73b351d75818be2527c97bf5a69713 | |
parent | 8e31374995eaa4515323e56d1579ee7ad0ebc4ca (diff) | |
Make kprop/kpropd work with RC4 session key
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
the enctype's block size is the size of the cipher state. Instead,
make and discard a cipher state to get the size.
(cherry picked from commit 8d01455ec9ed88bd3ccae939961a6e123bb3d45f)
ticket: 7575 (new)
version_fixed: 1.10.4
status: resolved
-rw-r--r-- | src/lib/krb5/krb/auth_con.c | 20 | ||||
-rw-r--r-- | src/lib/krb5/krb/mk_priv.c | 9 | ||||
-rw-r--r-- | src/lib/krb5/krb/rd_priv.c | 10 |
3 files changed, 19 insertions, 20 deletions
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 2ffe345..ef756cf 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -315,18 +315,18 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
 {
 krb5_error_code ret;
- krb5_enctype enctype;
+ krb5_data cstate;
 if (auth_context->key) {
- size_t blocksize;
-
- enctype = krb5_k_key_enctype(context, auth_context->key);
- if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
- return(ret);
- if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
- return 0;
- }
- return ENOMEM;
+ ret = krb5_c_init_state(context, &auth_context->key->keyblock, 0,
+ &cstate);
+ if (ret)
+ return ret;
+ auth_context->i_vector = (krb5_pointer)calloc(1,cstate.length);
+ krb5_c_free_state(context, &auth_context->key->keyblock, &cstate);
+ if (auth_context->i_vector == NULL)
+ return ENOMEM;
+ return 0;
 }
 return EINVAL; /* XXX need an error for no keyblock */
 }
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 62c9934..4b63f25 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -38,8 +38,8 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
 krb5_error_code retval;
 krb5_priv privmsg;
 krb5_priv_enc_part privmsg_enc_part;
- krb5_data *scratch1, *scratch2, ivdata;
- size_t blocksize, enclen;
+ krb5_data *scratch1, *scratch2, cstate, ivdata;
+ size_t enclen;
 privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
 privmsg.enc_part.enctype = enctype;
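Review bot: The size passed to `calloc(1,cstate.length)` in krb5_auth_con_initivector is not recorded next to `auth_context->i_vector`, so mk_priv_basic and rd_priv_basic must re-derive the length from whichever key they are given. If that key's enctype can differ from `auth_context->key` at the time of this call (not visible in these hunks), the derived `ivdata.length` could exceed the allocation and the cipher would read and write past the buffer. Consider storing the length alongside the pointer, or at minimum documenting the invariant with `/* i_vector is sized for the cipher state of auth_context->key; users must pass a key of the same enctype. */`. Separately, the assignment replaces any existing `i_vector` without freeing it, which would leak the old chaining state on a repeated call.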
@@ -71,11 +71,12 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
 /* call the encryption routine */
 if (i_vector) {
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
 goto clean_encpart;
- ivdata.length = blocksize;
+ ivdata.length = cstate.length;
 ivdata.data = i_vector;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
 }
 if ((retval = krb5_k_encrypt(context, key,
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 6724586..94f6a66 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -51,9 +51,7 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
 krb5_priv * privmsg;
 krb5_data scratch;
 krb5_priv_enc_part * privmsg_enc_part;
- size_t blocksize;
- krb5_data ivdata, *iv = NULL;
- krb5_enctype enctype;
+ krb5_data cstate, ivdata, *iv = NULL;
 if (!krb5_is_krb_priv(inbuf))
 return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -63,11 +61,11 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
 return retval;
 if (ac->i_vector != NULL) {
- enctype = krb5_k_key_enctype(context, key);
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
 goto cleanup_privmsg;
- ivdata = make_data(ac->i_vector, blocksize);
+ ivdata = make_data(ac->i_vector, cstate.length);
 iv = &ivdata;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
 }
 scratch.length = privmsg->enc_part.ciphertext.length; |
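Review bot: The init/free pair inside `if (i_vector)` in mk_priv_basic exists only to read `cstate.length`, which is not evident at the call site and reads like a state created and discarded by mistake. A short comment would make the intent clear, for example `/* Make and discard a cipher state to learn its size; i_vector holds the chained state. */`, and the same comment fits the matching `if (ac->i_vector != NULL)` block in rd_priv_basic. Because the length comes from `key` while the buffer behind `i_vector` was allocated elsewhere, the comment should also state that both must correspond to the same enctype. mk_priv_basic begins and ends outside this hunk.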