do the old protocol compatibly: don't pass an ivec to the underlying

encryption functions if the enctype is similar to DES.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10995 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 17 insertions, 2 deletions

diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index 8cbacca..5b448c8 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -723,6 +723,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck)
 {
     krb5_error_code status;
     size_t blocksize;
+    krb5_boolean similar;
 
     if (!encrypt_flag) {
 	rcmd_stream_init_normal();
@@ -736,6 +737,18 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck)
     input = v5_des_read;
     output = v5_des_write;
 
+    if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC,
+					keyblock->enctype,
+					&similar)) {
+	/* XXX what do I do? */
+	abort();
+    }
+
+    if (similar) {
+	encivec.length = 0;
+	return;
+    }
+
     if (status = krb5_c_block_size(bsd_context, keyblock->enctype,
 				   &blocksize)) {
 	/* XXX what do I do? */
@@ -866,7 +879,8 @@ static int v5_des_read(fd, buf, len)
     plain.data = storage;
 
     /* decrypt info */
-    if (krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE, &encivec,
+    if (krb5_c_decrypt(bsd_context, keyblock, KCMD_KEYUSAGE,
+		       encivec.length?&encivec:0,
 		       &cipher, &plain)) {
 	/* probably out of sync */
 	errno = EIO;
@@ -905,7 +919,8 @@ static int v5_des_write(fd, buf, len)
     cipher.ciphertext.length = sizeof(des_outpkt)-4;
     cipher.ciphertext.data = desoutbuf.data;
 
-    if (krb5_c_encrypt(bsd_context, keyblock, KCMD_KEYUSAGE, &encivec,
+    if (krb5_c_encrypt(bsd_context, keyblock, KCMD_KEYUSAGE,
+		       encivec.length?&encivec:0,
 		       &plain, &cipher)) {
 	errno = EIO;
 	return(-1);