diff options
author | Marc Horowitz <marc@mit.edu> | 1998-10-27 08:08:29 +0000 |
---|---|---|
committer | Marc Horowitz <marc@mit.edu> | 1998-10-27 08:08:29 +0000 |
commit | 01b6391bc2da51fc1629eccb6278138fcbc5aa88 (patch) | |
tree | ac539e0c459dd7aa955c7a37f523906b16de1230 | |
parent | 2a61064facf7bc6c441d9f8259bccc85c18b2b65 (diff) | |
download | krb5-01b6391bc2da51fc1629eccb6278138fcbc5aa88.zip krb5-01b6391bc2da51fc1629eccb6278138fcbc5aa88.tar.gz krb5-01b6391bc2da51fc1629eccb6278138fcbc5aa88.tar.bz2 |
do the old protocol compatibly: don't pass an ivec to the underlying
encryption functions if the enctype is similar to DES.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10995 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/appl/bsd/kcmd.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 8cbacca..5b448c8 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -723,6 +723,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck) { krb5_error_code status; size_t blocksize; + krb5_boolean similar; if (!encrypt_flag) { rcmd_stream_init_normal(); @@ -736,6 +737,18 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck) input = v5_des_read; output = v5_des_write; + if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC, + keyblock->enctype, + &similar)) { + /* XXX what do I do? */ + abort(); + } + + if (similar) { + encivec.length = 0; + return; + } + if (status = krb5_c_block_size(bsd_context, keyblock->enctype, &blocksize)) { /* XXX what do I do? */ @@ -866,7 +879,8 @@ static int v5_des_read(fd, buf, len) plain.data = storage; /* decrypt info */ - if (krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE, &encivec, + if (krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE, + encivec.length?&encivec:0, &cipher, &plain)) { /* probably out of sync */ errno = EIO; @@ -905,7 +919,8 @@ static int v5_des_write(fd, buf, len) cipher.ciphertext.length = sizeof(des_outpkt)-4; cipher.ciphertext.data = desoutbuf.data; - if (krb5_c_encrypt(bsd_context, keyblock, KCMD_KEYUSAGE, &encivec, + if (krb5_c_encrypt(bsd_context, keyblock, KCMD_KEYUSAGE, + encivec.length?&encivec:0, &plain, &cipher)) { errno = EIO; return(-1); |