+Wed Dec 16 16:14:02 1998 Tom Yu <tlyu@mit.edu>
+
+ * old_decrypt.c (krb5_old_decrypt): Initialize the ivec to the key
+ if we're using DES_CBC_CRC, for backwards compatibility. We
+ weren't noticing this before because it only trashes the first
+ block, which is the confounder, which we weren't actually
+ verifying because checksum was unconditionally succeeding prior to
+ the other patch.
+
Thu Dec 10 22:16:14 1998 Tom Yu <tlyu@mit.edu>
* old_decrypt.c (krb5_old_decrypt): Actually compare the
krb5_error_code ret;
size_t blocksize, hashsize, plainsize;
unsigned char *plaintext, *cksumdata;
- krb5_data output, cksum;
+ krb5_data output, cksum, crcivec;
int alloced;
(*(enc->block_size))(&blocksize);
/* decrypt it */
+ /* XXX this is gross, but I don't have much choice */
+ if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
+ crcivec.length = key->length;
+ crcivec.data = key->contents;
+ ivec = &crcivec;
+ }
+
if (ret = ((*(enc->decrypt))(key, ivec, input, &output)))
goto cleanup;