krb5 commit: Display unsupported enctype names

Greg Hudson ghudson at mit.edu
Tue May 28 15:00:57 EDT 2019


https://github.com/krb5/krb5/commit/ebbc6e8e99ee9d5d757411200a6a3173171774df
commit ebbc6e8e99ee9d5d757411200a6a3173171774df
Author: Greg Hudson <ghudson at mit.edu>
Date:   Tue May 21 13:34:39 2019 -0400

    Display unsupported enctype names
    
    Add a table of unsupported enctype numbers to enctype_util.c and
    consult it in krb5_enctype_to_name().  Treat unsupported enctype
    numbers as deprecated in krb5int_c_deprecated_enctype().  In kadmin,
    display "UNSUPPORTED:" before invalid enctype names.
    
    ticket: 8808

 src/kadmin/cli/kadmin.c           |    4 +++-
 src/lib/crypto/krb/enctype_util.c |   22 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index fe4cb49..b4d1aad 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1461,7 +1461,9 @@ kadmin_getprinc(int argc, char *argv[])
                                      enctype, sizeof(enctype)))
                 snprintf(enctype, sizeof(enctype), _("<Encryption type 0x%x>"),
                          key_data->key_data_type[0]);
-            if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
+            if (!krb5_c_valid_enctype(key_data->key_data_type[0]))
+                deprecated = "UNSUPPORTED:";
+            else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
                 deprecated = "DEPRECATED:";
             printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated,
                    enctype);
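Review bot: The order of the two tests in this `if`/`else if` chain is load-bearing, and nothing in the code says so. Later in this commit krb5int_c_deprecated_enctype() starts returning true when find_enctype() yields NULL, so if the branches were swapped, keys with unsupported enctypes would presumably be labelled "DEPRECATED:" instead of "UNSUPPORTED:". I would add `/* Test validity first; unsupported enctypes also count as deprecated. */` above the first test. The local `deprecated` now holds either label, so a neutral name such as `prefix` would read better. kadmin_getprinc() starts and ends outside this hunk.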
diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c
index e394f4e..1542d40 100644
--- a/src/lib/crypto/krb/enctype_util.c
+++ b/src/lib/crypto/krb/enctype_util.c
@@ -36,6 +36,18 @@
 
 #include "crypto_int.h"
 
+struct {
+    krb5_enctype etype;
+    const char *name;
+} unsupported_etypes[] = {
+    { ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
+    { ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
+    { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
+    { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
+    { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
+    { ENCTYPE_NULL, NULL }
+};
+
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_enctype(krb5_enctype etype)
 {
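Review bot: `unsupported_etypes` is declared at file scope without `static` or `const`, so the table gets external linkage and stays writable, although the only reader visible in this diff is krb5_enctype_to_name() in the same file. Opening the declaration with `static const struct {` keeps the symbol out of the library's exported namespace and guards the entries against accidental modification. A one-line comment above the table, e.g. `/* Names of enctypes that are no longer supported; used for display only. */`, would also tell maintainers why these names are kept apart from the main enctype list.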
@@ -55,7 +67,7 @@ krb5_boolean KRB5_CALLCONV
 krb5int_c_deprecated_enctype(krb5_enctype etype)
 {
     const struct krb5_keytypes *ktp = find_enctype(etype);
-    return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0;
+    return ktp == NULL || (ktp->flags & ETYPE_DEPRECATED) != 0;
 }
 
 krb5_error_code KRB5_CALLCONV
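Review bot: krb5int_c_deprecated_enctype() now answers true for every enctype number that find_enctype() does not know, not only for the five DES entries in the new table, and the function carries no comment recording that. Treating unknown enctypes as deprecated is the conservative choice, but callers rely on it silently. It should be stated above the return, for example `/* Unknown and unsupported enctypes are treated as deprecated. */`. Call sites that previously read a false result as "not deprecated, safe to proceed" for an unknown number now take the other branch; they are outside this diff and worth checking.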
@@ -122,6 +134,14 @@ krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
     const char *name;
     int i;
 
+    for (i = 0; unsupported_etypes[i].etype != ENCTYPE_NULL; i++) {
+        if (enctype == unsupported_etypes[i].etype) {
+            if (strlcpy(buffer, unsupported_etypes[i].name, buflen) >= buflen)
+                return ENOMEM;
+            return 0;
+        }
+    }
+
     ktp = find_enctype(enctype);
     if (ktp == NULL)
         return EINVAL;
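Review bot: With this loop krb5_enctype_to_name() returns 0 for enctypes the commit message describes as unsupported, so a successful name lookup no longer implies that the enctype can be used. The loop needs a comment that says so, e.g. `/* Unsupported enctypes keep a name for display; success here does not imply krb5_c_valid_enctype(). */`. The `shortest` argument is ignored on this path, which is harmless while the table has one name per entry but should be mentioned in the same comment. The function body continues outside the hunk.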

