krb5 commit [krb5-1.10]: Make kprop/kpropd work with RC4 session key

Tom Yu tlyu at MIT.EDU
Fri Feb 22 17:19:36 EST 2013


https://github.com/krb5/krb5/commit/0f105749b7821ae8675888e96a949b8d21862840
commit 0f105749b7821ae8675888e96a949b8d21862840
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sun Feb 3 13:21:34 2013 -0500

    Make kprop/kpropd work with RC4 session key
    
    In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
    the enctype's block size is the size of the cipher state.  Instead,
    make and discard a cipher state to get the size.
    
    (cherry picked from commit 8d01455ec9ed88bd3ccae939961a6e123bb3d45f)
    
    ticket: 7575 (new)
    version_fixed: 1.10.4
    status: resolved

 src/lib/krb5/krb/auth_con.c |   20 ++++++++++----------
 src/lib/krb5/krb/mk_priv.c  |    9 +++++----
 src/lib/krb5/krb/rd_priv.c  |   10 ++++------
 3 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 2ffe345..ef756cf 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -315,18 +315,18 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
 {
     krb5_error_code ret;
-    krb5_enctype enctype;
+    krb5_data cstate;
 
     if (auth_context->key) {
-        size_t blocksize;
-
-        enctype = krb5_k_key_enctype(context, auth_context->key);
-        if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
-            return(ret);
-        if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
-            return 0;
-        }
-        return ENOMEM;
+        ret = krb5_c_init_state(context, &auth_context->key->keyblock, 0,
+                                &cstate);
+        if (ret)
+            return ret;
+        auth_context->i_vector = (krb5_pointer)calloc(1,cstate.length);
+        krb5_c_free_state(context, &auth_context->key->keyblock, &cstate);
+        if (auth_context->i_vector == NULL)
+            return ENOMEM;
+        return 0;
     }
     return EINVAL; /* XXX need an error for no keyblock */
 }
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 62c9934..4b63f25 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -38,8 +38,8 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
     krb5_error_code     retval;
     krb5_priv           privmsg;
     krb5_priv_enc_part  privmsg_enc_part;
-    krb5_data           *scratch1, *scratch2, ivdata;
-    size_t              blocksize, enclen;
+    krb5_data           *scratch1, *scratch2, cstate, ivdata;
+    size_t              enclen;
 
     privmsg.enc_part.kvno = 0;  /* XXX allow user-set? */
     privmsg.enc_part.enctype = enctype;
@@ -71,11 +71,12 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
 
     /* call the encryption routine */
     if (i_vector) {
-        if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+        if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
             goto clean_encpart;
 
-        ivdata.length = blocksize;
+        ivdata.length = cstate.length;
         ivdata.data = i_vector;
+        krb5_c_free_state(context, &key->keyblock, &cstate);
     }
 
     if ((retval = krb5_k_encrypt(context, key,
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 6724586..94f6a66 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -51,9 +51,7 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
     krb5_priv           * privmsg;
     krb5_data             scratch;
     krb5_priv_enc_part  * privmsg_enc_part;
-    size_t                blocksize;
-    krb5_data             ivdata, *iv = NULL;
-    krb5_enctype          enctype;
+    krb5_data             cstate, ivdata, *iv = NULL;
 
     if (!krb5_is_krb_priv(inbuf))
         return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -63,11 +61,11 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
         return retval;
 
     if (ac->i_vector != NULL) {
-        enctype = krb5_k_key_enctype(context, key);
-        if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+        if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
             goto cleanup_privmsg;
-        ivdata = make_data(ac->i_vector, blocksize);
+        ivdata = make_data(ac->i_vector, cstate.length);
         iv = &ivdata;
+        krb5_c_free_state(context, &key->keyblock, &cstate);
     }
 
     scratch.length = privmsg->enc_part.ciphertext.length;


More information about the cvs-krb5 mailing list