encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
authorTheodore Tso <tytso@mit.edu>
Mon, 21 Nov 1994 20:33:53 +0000 (20:33 +0000)
committerTheodore Tso <tytso@mit.edu>
Mon, 21 Nov 1994 20:33:53 +0000 (20:33 +0000)
caller pass in the encryption block to be used for
encrypting the ticket.  That way, this routine doesn't
need to create its own encryption block.

encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
caller pass in the encryption block to be used for
encrypting the ticket.  That way, this routine doesn't
need to create its own encryption block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4710 dc483132-0cff-0310-8789-dd5450dbe970

src/include/krb5/ChangeLog
src/include/krb5/encryption.h
src/include/krb5/func-proto.h
src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/encode_kdc.c
src/lib/krb5/krb/encrypt_tk.c
src/lib/krb5/krb/mk_req_ext.c

index 8709b1a37d96fd37050c91aae948ef7d93a92691..cd5855dddee4bccf05fc34a82b3c5c696fb406d8 100644 (file)
@@ -1,3 +1,12 @@
+Mon Nov 21 14:43:14 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * func-proto.h (krb5_encode_kdc_rep, krb5_encrypt_tkt_part):
+               Change to use new function prototypes.
+
+       * encryption.h (krb5_eblock_keytype, krb5_eblock_enctype): Define
+               new macros for finding the key type and encryption type of
+               an encrypion block.
+
 Fri Nov 18 17:53:38 1994  Theodore Y. Ts'o  (tytso@dcl)
 
        * kdb.h (KRB5_KDB_SUPPORT_DESMD5): Add new attribute which defines
index 235b38ab4666becb599872d763d3c25d5d4df050..b8978d7a9f5fc361a78d584f34e1b97c547362aa 100644 (file)
@@ -193,6 +193,9 @@ extern int krb5_max_cksum;          /* max entry in array */
 #define krb5_finish_random_key(eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr)
 #define krb5_random_key(eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock)
 
+#define krb5_eblock_keytype(eblockp) ((eblockp)->crypto_entry->proto_keytype)
+#define krb5_eblock_enctype(eblockp) ((eblockp)->crypto_entry->proto_enctype)
+
 /*
  * Here's the stuff for the checksum switch:
  */
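Review bot: The two new accessors dereference `(eblockp)->crypto_entry` without saying when that pointer is valid, and nothing in this hunk documents it. Elsewhere in this commit the local `krb5_use_cstype(&eblock, ...)` calls are removed, so the macros are only meaningful on an eblock the caller has already set up. I would add a comment above them such as `/* Valid only on an eblock whose crypto_entry has been set (e.g. by krb5_use_cstype); no null check is performed. */`.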
index faf9db40c1bd198341b50d59ef3331f27bd9ea0a..581994e4ced1e4ce7ecc00b4ddba005e5d480196 100644 (file)
@@ -37,7 +37,8 @@ krb5_error_code krb5_encode_ticket
        PROTOTYPE((const krb5_ticket *,
                   krb5_data ** ));
 krb5_error_code krb5_encrypt_tkt_part
-       PROTOTYPE((const krb5_keyblock *,
+       PROTOTYPE((krb5_encrypt_block *,
+                  const krb5_keyblock *,
                   krb5_ticket * ));
 krb5_error_code krb5_decrypt_tkt_part
        PROTOTYPE((const krb5_keyblock *,
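Review bot: Inserting `krb5_encrypt_block *` as the first argument of krb5_encrypt_tkt_part (and as the third of krb5_encode_kdc_rep in the next hunk of this file) changes the meaning of every existing positional call, and the file list on this page shows no callers of either function being updated. If PROTOTYPE expands to an empty parameter list on pre-ANSI builds, which the K&R-style definition in encrypt_tk.c suggests is a supported configuration, the compiler will not flag a stale call. In that case a keyblock pointer would be read as an eblock at `eblock->crypto_entry`. It is worth landing the caller updates in the same change, or at least confirming with a prototype-checking build that no old-arity call remains.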
@@ -307,6 +308,7 @@ void krb5_free_tkt_authent
 krb5_error_code krb5_encode_kdc_rep
        PROTOTYPE((const krb5_msgtype,
                   const krb5_enc_kdc_rep_part *,
+                  krb5_encrypt_block *,
                   const krb5_keyblock *,
                   krb5_kdc_rep *,
                   krb5_data ** ));
index b68f11e41559f2cc1cfe7649ac078f48b697ba91..a9ed389f9a9ff8f822331d255686e1f3353f4102 100644 (file)
@@ -1,3 +1,20 @@
+Mon Nov 21 15:30:07 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
+               caller pass in the encryption block to be used for
+               encrpyting the ticket.  That way, this routine doesn't
+               need to create its own encryption block.
+
+       * encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
+               caller pass in the encryption block to be used for
+               encrpyting the ticket.  That way, this routine doesn't
+               need to create its own encryption block.
+
+Fri Nov 18 17:30:44 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator
+               using the same encryption system used to encrypt the ticket.
+
 Thu Nov 17 01:56:05 1994  Theodore Y. Ts'o  (tytso@dcl)
 
        * gc_via_tgt.c (krb5_get_cred_via_tgt): 
index 4270c57b4c4efee1f61f7d9e676375fbdc360085..6b01b64d2dc02844bdce65af4bdfd567775316f3 100644 (file)
 krb5_error_code
 krb5_encode_kdc_rep(DECLARG(const krb5_msgtype, type),
                    DECLARG(const krb5_enc_kdc_rep_part *, encpart),
+                   DECLARG(krb5_encrypt_block *, eblock),
                    DECLARG(const krb5_keyblock *, client_key),
                    DECLARG(krb5_kdc_rep *, dec_rep),
                    DECLARG(krb5_data **, enc_rep))
 OLDDECLARG(const krb5_msgtype, type)
 OLDDECLARG(const krb5_enc_kdc_rep_part *, encpart)
+OLDDECLARG(krb5_encrypt_block *, eblock)
 OLDDECLARG(const krb5_keyblock *, client_key)
 OLDDECLARG(krb5_kdc_rep *, dec_rep)
 OLDDECLARG(krb5_data **, enc_rep)
 {
     krb5_data *scratch;
-    krb5_encrypt_block eblock;
     krb5_error_code retval;
     krb5_enc_kdc_rep_part tmp_encpart;
 
@@ -77,7 +78,7 @@ OLDDECLARG(krb5_data **, enc_rep)
      * type correct.
      * 
      * Although note that it may be doing nothing with the message
-     * type, to be compatible with old versions of Kerberos that ways
+     * type, to be compatible with old versions of Kerberos that always
      * encode this as a TGS_REP regardly of what it really should be;
      * also note that the reason why we are passing it in a structure
      * instead of as an argument to encode_krb5_enc_kdc_rep_part (the
@@ -95,11 +96,8 @@ OLDDECLARG(krb5_data **, enc_rep)
 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
 krb5_free_data(scratch); }
 
-    /* put together an eblock for this encryption */
-
-    krb5_use_cstype(&eblock, dec_rep->enc_part.etype);
     dec_rep->enc_part.ciphertext.length =
-       krb5_encrypt_size(scratch->length, eblock.crypto_entry);
+       krb5_encrypt_size(scratch->length, eblock->crypto_entry);
     /* add padding area, and zero it */
     if (!(scratch->data = realloc(scratch->data,
                                  dec_rep->enc_part.ciphertext.length))) {
@@ -122,24 +120,26 @@ free(dec_rep->enc_part.ciphertext.data); \
 dec_rep->enc_part.ciphertext.length = 0; \
 dec_rep->enc_part.ciphertext.data = 0;}
 
-    retval = krb5_process_key(&eblock, client_key);
+    retval = krb5_process_key(eblock, client_key);
     if (retval) {
        goto clean_encpart;
     }
 
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
+#define cleanup_prockey() {(void) krb5_finish_key(eblock);}
 
     retval = krb5_encrypt((krb5_pointer) scratch->data,
                              (krb5_pointer) dec_rep->enc_part.ciphertext.data,
-                             scratch->length, &eblock, 0);
+                             scratch->length, eblock, 0);
     if (retval) {
        goto clean_prockey;
     }
 
+    dec_rep->enc_part.etype = krb5_eblock_enctype(eblock);
+
     /* do some cleanup */
     cleanup_scratch();
 
-    retval = krb5_finish_key(&eblock);
+    retval = krb5_finish_key(eblock);
     if (retval) {
        cleanup_encpart();
        return retval;
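Review bot: `krb5_process_key(eblock, client_key)` now pairs a caller-supplied cryptosystem with a caller-supplied key, and nothing in the visible lines checks that the two agree. The commit adds krb5_eblock_keytype in encryption.h but no hunk on this page uses it; unless krb5_process_key already rejects a mismatch (not visible here), a key of one type can be fed to a different cryptosystem's key processing. I would add, before the call, `if (client_key->keytype != krb5_eblock_keytype(eblock)) { retval = KRB5_PROG_KEYTYPE_NOSUPP; goto clean_encpart; }`. The same applies to `krb5_process_key(eblock, srv_key)` in encrypt_tk.c. The function body continues past the end of this hunk.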
index 4051ca6bb347c0d18e531fe651bbb0a84458a45f..bb263da00716ff2a8a4efd4f2ac99ff5313bc1a0 100644 (file)
 */
 
 krb5_error_code
-krb5_encrypt_tkt_part(srv_key, dec_ticket)
+krb5_encrypt_tkt_part(eblock, srv_key, dec_ticket)
+krb5_encrypt_block *eblock;
 const krb5_keyblock *srv_key;
 register krb5_ticket *dec_ticket;
 {
     krb5_data *scratch;
     krb5_error_code retval;
-    krb5_encrypt_block eblock;
     register krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2;
 
-    /* encrypt the encrypted part */
-
-    if (!valid_etype(dec_ticket->enc_part.etype))
-       return KRB5_PROG_ETYPE_NOSUPP;
-
     /*  start by encoding the to-be-encrypted part. */
     if (retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch)) {
        return retval;
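Review bot: The header comment that ends at the top of this hunk (it begins outside it) is not updated for the new contract, in which the caller's `dec_ticket->enc_part.etype` is no longer validated or read and is overwritten from the eblock after encryption. A caller that still sets `enc_part.etype` to choose the cipher will silently get whatever cryptosystem the eblock carries. I would extend the header comment with something like `eblock must already be initialised for the desired cryptosystem; on success dec_ticket->enc_part.etype is set from it and any prior value is ignored`. The same wording belongs on krb5_encode_kdc_rep.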
@@ -66,12 +61,8 @@ register krb5_ticket *dec_ticket;
 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
 krb5_free_data(scratch); }
 
-    /* put together an eblock for this encryption */
-
-    krb5_use_cstype(&eblock, dec_ticket->enc_part.etype);
     dec_ticket->enc_part.ciphertext.length =
-       krb5_encrypt_size(scratch->length,
-                         eblock.crypto_entry);
+       krb5_encrypt_size(scratch->length, eblock->crypto_entry);
     /* add padding area, and zero it */
     if (!(scratch->data = realloc(scratch->data,
                                  dec_ticket->enc_part.ciphertext.length))) {
@@ -95,23 +86,25 @@ dec_ticket->enc_part.ciphertext.length = 0; \
 dec_ticket->enc_part.ciphertext.data = 0;}
 
     /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(&eblock, srv_key)) {
+    if (retval = krb5_process_key(eblock, srv_key)) {
        goto clean_encpart;
     }
 
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
+#define cleanup_prockey() {(void) krb5_finish_key(eblock);}
 
     /* call the encryption routine */
     if (retval = krb5_encrypt((krb5_pointer) scratch->data,
                              (krb5_pointer) dec_ticket->enc_part.ciphertext.data,
-                             scratch->length, &eblock, 0)) {
+                             scratch->length, eblock, 0)) {
        goto clean_prockey;
     }
 
+    dec_ticket->enc_part.etype = krb5_eblock_enctype(eblock);
+
     /* ticket is now assembled-- do some cleanup */
     cleanup_scratch();
 
-    if (retval = krb5_finish_key(&eblock)) {
+    if (retval = krb5_finish_key(eblock)) {
        cleanup_encpart();
        return retval;
     }
index 39b8f121cd2a347201fd98e58b2c21249a05759a..13003a704a15b0da8e3f20a90e849dcd176f768d 100644 (file)
@@ -107,7 +107,10 @@ krb5_data *outbuf;
     if (!valid_keytype(creds->keyblock.keytype))
        return KRB5_PROG_KEYTYPE_NOSUPP;
 
-    etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype;
+    if (creds->keyblock.etype == ETYPE_UNKNOWN)
+       etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype;
+    else
+       etype = creds->keyblock.etype;
 
     if (!valid_etype(etype))
        return KRB5_PROG_ETYPE_NOSUPP;
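Review bot: `creds->keyblock.etype` is accepted as the authenticator's encryption type after only the `valid_etype` check, and nothing visible confirms that this etype belongs to the same cryptosystem as `creds->keyblock.keytype`, which was the only source of etype before. If the etype field can be populated from stored or received credentials (an assumption; its origin is outside this hunk), a supported but mismatched value would select a cipher the key was not issued for. I would compare the chosen cryptosystem's `proto_keytype` against `creds->keyblock.keytype` after the `valid_etype` check and return `KRB5_PROG_KEYTYPE_NOSUPP` on mismatch. The enclosing function starts and ends outside the hunk.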