From: Theodore Tso Date: Sat, 18 May 1996 05:55:59 +0000 (+0000) Subject: Define MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so that we continue X-Git-Tag: krb5-1.0-beta6~72 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=576408fe5966789a74569e305c142a9a2d91282d;p=krb5.git Define MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so that we continue doing things the wrong (broken) way. All hail backwards compatibility.... The code now generates the old checksum, but it will verify both the old and the correct checksum formats. Also fixed two bugs in the "correct" MD5_CRYPTO implementation; use a zero initialization vector, and calculate the confounder at the beginning of the message, not at the end. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8044 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog index ffe7df271..ae09cdab7 100644 --- a/src/lib/crypto/md5/ChangeLog +++ b/src/lib/crypto/md5/ChangeLog @@ -1,3 +1,16 @@ +Sat May 18 01:49:33 1996 Theodore Y. Ts'o + + * md5crypto.c: Define MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so + that we continue doing things the wrong (broken) way. All + hail backwards compatibility.... The code now generates + the old checksum, but it will verify both the old and the + correct checksum formats. + + Also fixed two bugs in the "correct" MD5_CRYPTO + implementation; use a zero initialization vector, and + calculate the confounder at the beginning of the message, + not at the end. + Tue May 14 19:32:51 1996 Richard Basch * md5crypto.c md5glue.c: diff --git a/src/lib/crypto/md5/configure.in b/src/lib/crypto/md5/configure.in index dd785bfab..7eff1bc8b 100644 --- a/src/lib/crypto/md5/configure.in +++ b/src/lib/crypto/md5/configure.in @@ -1,6 +1,5 @@ AC_INIT(configure.in) CONFIG_RULES -AC_DEFINE(MD5_K5BETA_COMPAT) V5_SHARED_LIB_OBJS SubdirLibraryRule([${OBJS}]) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c index b22a38748..c37b8e658 100644 --- a/src/lib/crypto/md5/md5crypto.c +++ b/src/lib/crypto/md5/md5crypto.c @@ -12,6 +12,8 @@ krb5_error_code krb5_md5_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in, size_t in_length, krb5_pointer seed, size_t seed_length)); +static mit_des_cblock zero_ivec = { 0 }; + /* * In Kerberos V5 Beta 5 and previous releases the RSA-MD5-DES implementation * did not follow RFC1510. The folowing definitions control the compatibility @@ -25,9 +27,11 @@ krb5_md5_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in * the compatible behaviour becomes the default. * */ +#define MD5_K5BETA_COMPAT +#define MD5_K5BETA_COMPAT_DEF static void -krb5_md5_calculate_cksum(md5ctx, in, in_length, confound, confound_length) +krb5_md5_calculate_cksum(md5ctx, confound, confound_length, in, in_length) krb5_MD5_CTX *md5ctx; krb5_pointer in; size_t in_length; @@ -151,7 +155,7 @@ krb5_checksum FAR *outcksum; RSA_MD5_DES_CKSUM_LENGTH + RSA_MD5_DES_CONFOUND_LENGTH, (struct mit_des_ks_struct *)eblock.priv, - keyblock.contents, + zero_ivec, MIT_DES_ENCRYPT); if (retval) { (void) mit_des_finish_key(&eblock); @@ -260,7 +264,7 @@ size_t seed_length; RSA_MD5_DES_CONFOUND_LENGTH, (struct mit_des_ks_struct *) eblock.priv, - keyblock.contents, + zero_ivec, MIT_DES_DECRYPT); if (retval) { (void) mit_des_finish_key(&eblock);