need to put length of key into encrypted stuff
authorJohn Kohl <jtkohl@mit.edu>
Mon, 5 Feb 1990 15:33:32 +0000 (15:33 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Mon, 5 Feb 1990 15:33:32 +0000 (15:33 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@284 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kdb/encrypt_key.c

index 59a290938504ead75017eae810ecbac35cdfa6b9..435a60ee252120632fc871d6c00b7bdc5e9204d1 100644 (file)
@@ -17,6 +17,7 @@ static char rcsid_encrypt_key_c [] =
 
 #include <krb5/copyright.h>
 #include <krb5/krb5.h>
+#include <krb5/kdb5_err.h>
 #include <krb5/ext-proto.h>
 #include <errno.h>
 
@@ -26,17 +27,33 @@ krb5_keyblock *in;
 krb5_keyblock *out;
 krb5_encrypt_block *eblock;
 {
+    /* encrypted rep has a length encrypted along with the key,
+       so that we win if the keysize != blocksize.
+       However, this means an extra block (at least) if
+       keysize == blocksize. */
+
+    krb5_error_code retval;
+
     *out = *in;
     out->length = krb5_encrypt_size(in->length, eblock->crypto_entry);
+    out->length += sizeof(out->length);
     out->contents = (krb5_octet *)malloc(out->length);
     if (!out->contents) {
        out->contents = 0;
        out->length = 0;
        return ENOMEM;
     }
-    return (*eblock->crypto_entry->encrypt_func)((krb5_pointer) in->contents,
-                                                (krb5_pointer) out->contents,
-                                                in->length, eblock);
+    bcopy(&out->length, out->contents, sizeof(out->length));
+    if (retval = (*eblock->crypto_entry->
+                 encrypt_func)((krb5_pointer) in->contents,
+                               ((krb5_pointer) out->contents) +
+                               sizeof(out->length),
+                               in->length, eblock)) {
+       free((char *)out->contents);
+       out->contents = 0;
+       out->length = 0;
+    }
+    return retval;
 }
 
 krb5_error_code
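Review bot: The added `bcopy(&out->length, out->contents, sizeof(out->length));` stores `out->length`, which by then is the padded ciphertext size plus the prefix, not the key length. The value is also written in the clear ahead of the ciphertext, while the new comment says the length is encrypted along with the key. If the prefix is meant to carry the key size, use `bcopy(&in->length, out->contents, sizeof(in->length));`, and either place the length inside the buffer handed to `encrypt_func` or reword the comment to say the prefix is cleartext and so not protected against modification in the stored record. On the failure path the partly filled buffer is freed without being cleared; clearing it before `free` would be a cheap hardening step. The function's signature and name lie above this hunk.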
@@ -45,6 +62,8 @@ krb5_keyblock *in;
 krb5_keyblock *out;
 krb5_encrypt_block *eblock;
 {
+    krb5_error_code retval;
+
     *out = *in;
     out->length = krb5_encrypt_size(in->length, eblock->crypto_entry);
     out->contents = (krb5_octet *)malloc(out->length);
@@ -53,7 +72,25 @@ krb5_encrypt_block *eblock;
        out->length = 0;
        return ENOMEM;
     }
-    return (*eblock->crypto_entry->decrypt_func)((krb5_pointer) in->contents,
-                                                (krb5_pointer) out->contents,
-                                                in->length, eblock);
+    if (retval = (*eblock->crypto_entry->
+                 decrypt_func)((krb5_pointer) in->contents,
+                               (krb5_pointer) out->contents,
+                               in->length, eblock)) {
+       free((char *)out->contents);
+       out->contents = 0;
+       out->length = 0;
+       return retval;
+    }
+    out->length -= sizeof(out->length);
+    if (out->length < 0) {
+       free((char *)out->contents);
+       out->contents = 0;
+       out->length = 0;
+       return KRB5_KDB_INVALIDKEYSIZE;
+    }
+    /* shift key down to beginning of contents, and ignore extra wasted
+       space */
+    bcopy(out->contents, ((krb5_pointer) out->contents ) + sizeof(out->length),
+         out->length);
+    return retval;
 }
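Review bot: The final `bcopy` has its source and destination reversed for what the comment describes: `bcopy(src, dst, len)` as written copies from the start of `out->contents` to `out->contents + sizeof(out->length)`, moving the data up and overwriting the key bytes rather than shifting them down. The call would need to be `bcopy(((krb5_pointer) out->contents) + sizeof(out->length), out->contents, out->length);`. Separately, `decrypt_func` is still given `in->contents` from offset 0 with the full `in->length`, so the cleartext prefix that the encrypt side writes is run through decryption, and the stored length is never read back or checked against the buffer size. `out->length` ends up as the padded size minus the prefix rather than the real key size. The `out->length < 0` test only works if that field is a signed type, which is not visible here, and comparing the size against `sizeof(out->length)` before subtracting would not depend on that. The start of this function, including the allocation, is in the previous hunk.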