From: Tom Yu Date: Wed, 16 Dec 1998 21:16:33 +0000 (+0000) Subject: * old_decrypt.c (krb5_old_decrypt): Initialize the ivec to the key X-Git-Tag: krb5-1.1-beta1~429 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=949ae78dd56914b1d1491e3e7d27c46e602493c1;p=krb5.git * old_decrypt.c (krb5_old_decrypt): Initialize the ivec to the key if we're using DES_CBC_CRC, for backwards compatibility. We weren't noticing this before because it only trashes the first block, which is the confounder, which we weren't actually verifying because checksum was unconditionally succeeding prior to the other patch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11092 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog index 088c59617..699aaebaa 100644 --- a/src/lib/crypto/old/ChangeLog +++ b/src/lib/crypto/old/ChangeLog @@ -1,3 +1,12 @@ +Wed Dec 16 16:14:02 1998 Tom Yu + + * old_decrypt.c (krb5_old_decrypt): Initialize the ivec to the key + if we're using DES_CBC_CRC, for backwards compatibility. We + weren't noticing this before because it only trashes the first + block, which is the confounder, which we weren't actually + verifying because checksum was unconditionally succeeding prior to + the other patch. + Thu Dec 10 22:16:14 1998 Tom Yu * old_decrypt.c (krb5_old_decrypt): Actually compare the diff --git a/src/lib/crypto/old/old_decrypt.c b/src/lib/crypto/old/old_decrypt.c index ad0b39ebf..26019e164 100644 --- a/src/lib/crypto/old/old_decrypt.c +++ b/src/lib/crypto/old/old_decrypt.c @@ -40,7 +40,7 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) krb5_error_code ret; size_t blocksize, hashsize, plainsize; unsigned char *plaintext, *cksumdata; - krb5_data output, cksum; + krb5_data output, cksum, crcivec; int alloced; (*(enc->block_size))(&blocksize); @@ -76,6 +76,13 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) /* decrypt it */ + /* XXX this is gross, but I don't have much choice */ + if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) { + crcivec.length = key->length; + crcivec.data = key->contents; + ivec = &crcivec; + } + if (ret = ((*(enc->decrypt))(key, ivec, input, &output))) goto cleanup;