krb5 commit [krb5-1.10]: Make kprop/kpropd work with RC4 session key
Tom Yu
tlyu at MIT.EDU
Fri Feb 22 17:19:36 EST 2013
https://github.com/krb5/krb5/commit/0f105749b7821ae8675888e96a949b8d21862840
commit 0f105749b7821ae8675888e96a949b8d21862840
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun Feb 3 13:21:34 2013 -0500
Make kprop/kpropd work with RC4 session key
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
the enctype's block size is the size of the cipher state. Instead,
make and discard a cipher state to get the size.
(cherry picked from commit 8d01455ec9ed88bd3ccae939961a6e123bb3d45f)
ticket: 7575 (new)
version_fixed: 1.10.4
status: resolved
src/lib/krb5/krb/auth_con.c | 20 ++++++++++----------
src/lib/krb5/krb/mk_priv.c | 9 +++++----
src/lib/krb5/krb/rd_priv.c | 10 ++++------
3 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 2ffe345..ef756cf 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -315,18 +315,18 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
{
krb5_error_code ret;
- krb5_enctype enctype;
+ krb5_data cstate;
if (auth_context->key) {
- size_t blocksize;
-
- enctype = krb5_k_key_enctype(context, auth_context->key);
- if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
- return(ret);
- if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
- return 0;
- }
- return ENOMEM;
+ ret = krb5_c_init_state(context, &auth_context->key->keyblock, 0,
+ &cstate);
+ if (ret)
+ return ret;
+ auth_context->i_vector = (krb5_pointer)calloc(1,cstate.length);
+ krb5_c_free_state(context, &auth_context->key->keyblock, &cstate);
+ if (auth_context->i_vector == NULL)
+ return ENOMEM;
+ return 0;
}
return EINVAL; /* XXX need an error for no keyblock */
}
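Review bot: The i_vector buffer in krb5_auth_con_initivector is sized from `auth_context->key`, but that length is not stored anywhere, and the mk_priv.c and rd_priv.c hunks recompute it from whatever `key` they are passed. If that key can be a subkey of a different enctype than `auth_context->key` (not visible from these hunks), `ivdata.length` could exceed the allocation and the encrypt or decrypt call would read or update past the end of the buffer. Either record the allocated length in the auth context and check it in both callers, or document the invariant here, e.g. `/* i_vector is sized for auth_context->key; callers must use a key of the same enctype. */`. Separately, the `calloc` assignment overwrites any earlier `i_vector` without freeing it, which looks like a leak on a repeated call if the context owns that buffer.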
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 62c9934..4b63f25 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -38,8 +38,8 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
krb5_error_code retval;
krb5_priv privmsg;
krb5_priv_enc_part privmsg_enc_part;
- krb5_data *scratch1, *scratch2, ivdata;
- size_t blocksize, enclen;
+ krb5_data *scratch1, *scratch2, cstate, ivdata;
+ size_t enclen;
privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
privmsg.enc_part.enctype = enctype;
@@ -71,11 +71,12 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
/* call the encryption routine */
if (i_vector) {
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
goto clean_encpart;
- ivdata.length = blocksize;
+ ivdata.length = cstate.length;
ivdata.data = i_vector;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
}
if ((retval = krb5_k_encrypt(context, key,
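Review bot: The `krb5_c_init_state` call in the `if (i_vector)` branch builds a cipher state that is freed three lines later, with no comment saying why, so a reader may take it for leftover code. A short comment would help, e.g. `/* Make and discard a cipher state only to learn its length; it need not equal the block size. */`. The same applies to the matching lines in the rd_priv.c hunk. This also allocates and frees a state for every message when an ivector is set, so keeping the length next to i_vector would avoid the repeated work. mk_priv_basic starts and ends outside the hunk.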
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 6724586..94f6a66 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -51,9 +51,7 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
krb5_priv * privmsg;
krb5_data scratch;
krb5_priv_enc_part * privmsg_enc_part;
- size_t blocksize;
- krb5_data ivdata, *iv = NULL;
- krb5_enctype enctype;
+ krb5_data cstate, ivdata, *iv = NULL;
if (!krb5_is_krb_priv(inbuf))
return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -63,11 +61,11 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
return retval;
if (ac->i_vector != NULL) {
- enctype = krb5_k_key_enctype(context, key);
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
goto cleanup_privmsg;
- ivdata = make_data(ac->i_vector, blocksize);
+ ivdata = make_data(ac->i_vector, cstate.length);
iv = &ivdata;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
}
scratch.length = privmsg->enc_part.ciphertext.length;