* arcfour.c (krb5_arcfour_decrypt): Return error if salt cannot be allocated
authorSam Hartman <hartmans@mit.edu>
Fri, 19 Oct 2001 15:54:08 +0000 (15:54 +0000)
committerSam Hartman <hartmans@mit.edu>
Fri, 19 Oct 2001 15:54:08 +0000 (15:54 +0000)
(krb5_arcfour_encrypt): Only memset bits of key to known value
on export-grade crypto
* arcfour.c (arcfour_translate_usage): Attempt to implement based
on draft-brezak-win2k-krb-rc4-hmac-03.  Several usages remain unclear.
Make 40-bit string not unsigned to avoid warning
(krb5_arcfour_encrypt krb5_arcfour_decrypt):  cast to avoid
pointer warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13824 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/arcfour/ChangeLog [new file with mode: 0644]
src/lib/crypto/arcfour/arcfour.c

diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog
new file mode 100644 (file)
index 0000000..c9b641a
--- /dev/null
@@ -0,0 +1,12 @@
+2001-10-19  Sam Hartman  <hartmans@mit.edu>
+
+       * arcfour.c (krb5_arcfour_decrypt): Return error if salt cannot be allocated
+       (krb5_arcfour_encrypt): Only memset bits of key to known value on export-grade crypto
+
+2001-10-18  Sam Hartman  <hartmans@mit.edu>
+
+       * arcfour.c (arcfour_translate_usage): Attempt to implement based
+       on draft-brezak-win2k-krb-rc4-hmac-03.  Several usages remain unclear.
+       Make 40-bit string not unsigned to avoid warning
+       (krb5_arcfour_encrypt krb5_arcfour_decrypt):  cast to avoid pointer warnings
+
index d96a6518d38e7182ddf0e9e4634cc1fda516c0af..b26a3f330fd9f5322da3c4ebdc042cf439527371 100644 (file)
@@ -8,7 +8,7 @@ of RSA Data Security)
 */
 #include "k5-int.h"
 #include "arcfour-int.h"
-const unsigned char *l40 = "fortybits";
+const  char *l40 = "fortybits";
 
 void
 krb5_arcfour_encrypt_length(enc, hash, inputlen, length)
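Review bot: `const char *l40` makes only the pointed-to characters const, so `l40` itself remains a writable pointer with external linkage that any translation unit could re-point. If nothing outside this file refers to it (not visible in this hunk), `static const char l40[] = "fortybits";` would keep the export-grade salt string private and immutable. Check any `sizeof` use of `l40` first, because the array form changes what `sizeof` yields.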
@@ -29,7 +29,35 @@ krb5_arcfour_encrypt_length(enc, hash, inputlen, length)
 
 static krb5_keyusage arcfour_translate_usage(krb5_keyusage usage)
 {
-  return usage;
+  switch (usage) {
+  case 1:                      /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+    /*Microsoft does not actually support this padata, not sure which usage they would use*/
+    return 1;
+  case 2:                      /* ticket from kdc */
+    return 2;
+  case 3:                      /* as-rep encrypted part */
+    return 8;
+  case 4:                      /* tgs-req authz data */
+    return 4;                  /* xxx Microsoft doesn't say */
+  case 5:                      /* tgs-req authz data in subkey */
+    return 5;                  /* xxx Microsoft doesn't say */
+  case 6:                      /* tgs-req authenticator cksum */
+    return 6;                  /* xxx Microsoft  doesn't say*/
+case 7:                                /* tgs-req authenticator */
+  return 7;
+    case 8:
+    return 8;
+  case 9:                      /* tgs-rep encrypted with subkey */
+    return 8;
+  case 10:                     /* ap-rep authentication cksum */
+    return 10;                 /* xxx Microsoft didn't say */
+  case 11:                     /* app-req authenticator */
+    return 11;
+  case 12:                     /* app-rep encrypted part */
+    return 12;
+  default:
+      return usage;
+}
 }
 
 krb5_error_code
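Review bot: Only two arms of this switch change anything, `case 3` and `case 9`, which both return 8; every other arm returns its input, which `default` already does, so the real remaps are buried among ten no-ops. Usages 3, 8 and 9 therefore collapse to one value, and if the translated usage feeds key or checksum derivation (not visible in this hunk) those message types no longer get distinct derivation inputs, which deserves an explicit comment that the draft requires it. Assuming the `KRB5_KEYUSAGE_*` names from krb5.h are in scope, the body could shrink to `case KRB5_KEYUSAGE_AS_REP_ENCPART: case KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY: return KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;` plus `default`. The "xxx Microsoft doesn't say" caveats would then go into one comment listing the unconfirmed usages (4, 5, 6, 10). `case 7` and `case 8` are also mis-indented, and `case 8` has no comment naming the usage.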
@@ -58,7 +86,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output)
     return (ENOMEM);
   memcpy(&k1, key, sizeof (krb5_keyblock));
   k1.length=d1.length;
-  k1.contents=d1.data;
+  k1.contents= (void *) d1.data;
 
   d2.length=keybytes;
   d2.data=malloc(d2.length);
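Review bot: The `(void *)` casts silence the pointer-type warning by erasing the type altogether, so a later change to either field's type would no longer be diagnosed at these assignments. Casting to the destination type, `k1.contents = (krb5_octet *) d1.data;`, keeps the intent visible. The same applies to the `k2` and `k3` assignments in the next two hunks and to the three matching hunks in `krb5_arcfour_decrypt`, which also disagree on spacing (`=(void *)` versus `= (void *)`). The field types are declared outside this diff and should be confirmed; the function body starts and ends outside the hunk.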
@@ -68,7 +96,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output)
   }
   memcpy(&k2, key, sizeof (krb5_keyblock));
   k2.length=d2.length;
-  k2.contents=d2.data;
+  k2.contents=(void *) d2.data;
 
   d3.length=keybytes;
   d3.data=malloc(d3.length);
@@ -79,7 +107,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output)
   }
   memcpy(&k3, key, sizeof (krb5_keyblock));
   k3.length=d3.length;
-  k3.contents=d3.data;
+  k3.contents= (void *) d3.data;
   
   salt.length=14;
   salt.data=malloc(salt.length);
@@ -129,7 +157,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output)
 
   memcpy(k2.contents, k1.contents, k2.length);
 
-  if (key->enctype==ENCTYPE_ARCFOUR_HMAC)
+  if (key->enctype==ENCTYPE_ARCFOUR_HMAC_EXP)
     memset(k1.contents+7, 0xab, 9);
 
   ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder);
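Review bot: `memset(k1.contents+7, 0xab, 9)` overwrites bytes 7 through 15 of `k1` with no visible check that `k1.length` is at least 16; `keybytes` is set outside this hunk, so the bound should be asserted or at least stated here. The constants are unexplained. A comment such as `/* export-grade only: keep the first 7 key bytes, fill the remaining 9 with 0xab */` would show that this branch deliberately weakens the key and must stay restricted to `ENCTYPE_ARCFOUR_HMAC_EXP`. The `/* XXX */ 0` context argument on the following line also needs a note saying why no context is passed. The function continues outside the hunk.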
@@ -185,7 +213,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output)
     return (ENOMEM);
   memcpy(&k1, key, sizeof (krb5_keyblock));
   k1.length=d1.length;
-  k1.contents=d1.data;
+  k1.contents= (void *) d1.data;
   
   d2.length=keybytes;
   d2.data=malloc(d2.length);
@@ -195,7 +223,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output)
   }
   memcpy(&k2, key, sizeof(krb5_keyblock));
   k2.length=d2.length;
-  k2.contents=d2.data;
+  k2.contents= (void *) d2.data;
 
   d3.length=keybytes;
   d3.data=malloc(d3.length);
@@ -206,7 +234,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output)
   }
   memcpy(&k3, key, sizeof(krb5_keyblock));
   k3.length=d3.length;
-  k3.contents=d3.data;
+  k3.contents= (void *) d3.data;
 
   salt.length=14;
   salt.data=malloc(salt.length);
@@ -214,6 +242,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output)
     free(d1.data);
     free(d2.data);
     free(d3.data);
+    return (ENOMEM);
   }
 
   ciphertext.length=input->length-hashsize;
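Review bot: `ciphertext.length=input->length-hashsize;` is computed with no visible check that `input->length` is at least `hashsize`. On a truncated or malformed token the subtraction would wrap (or go negative, depending on the field type) before the allocation that follows uses it as a size. Unless a guard already exists earlier in `krb5_arcfour_decrypt`, which starts outside this hunk, add one ahead of the allocations, for example `if (input->length < hashsize) return KRB5_BAD_MSIZE;`.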
@@ -225,6 +254,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output)
     free(d2.data);
     free(d3.data);
     free(salt.data);
+    return (ENOMEM);
   }
 
   checksum.length=hashsize;
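Review bot: Each allocation failure in `krb5_arcfour_decrypt` repeats a growing list of `free()` calls with its own `return (ENOMEM);`, and the two returns added here show how easily one of those ladders ends up falling through with already-freed buffers. A single exit path would remove that class of mistake: initialise the `data` pointers to NULL, replace each ladder with `ret = ENOMEM; goto cleanup;`, and free everything once under a `cleanup:` label. That label would also be the natural place to clear the derived-key buffers before freeing them. The label would sit outside this hunk, and `ret` is assumed to be declared here as it is in `krb5_arcfour_encrypt`.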