From: Theodore Tso Date: Thu, 14 Sep 1995 02:54:13 +0000 (+0000) Subject: (key_encrypt_keys): Remove equally errneous krb5_use_enctype() call X-Git-Tag: krb5-1.0-beta6~1077 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b102c57ee3c0c5355bfd3e49481352ad1fecb23a;p=krb5.git (key_encrypt_keys): Remove equally errneous krb5_use_enctype() call from key_encrypt_keys(). (key_string2key_keysalt and key_randomkey_keysalt): Install really ugly hack to prevent these routines from munging the master_encblock. This is not the correct fix. Proven will be making the correct fix which will involve removing these routines and using the corect libkdb functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6786 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog index d7896a706..52a4fb7d7 100644 --- a/src/kadmin/v5server/ChangeLog +++ b/src/kadmin/v5server/ChangeLog @@ -1,5 +1,14 @@ Wed Sep 13 22:08:56 1995 Theodore Y. Ts'o (tytso@dcl) + * srv_key.c (key_string2key_keysalt and key_randomkey_keysalt): + Install really ugly hack to prevent these routines from munging + the master_encblock. This is not the correct fix. Proven + will be making the correct fix which will involve removing + these routines and using the corect libkdb functions. + + * srv_key.c (key_encrypt_keys): Remove equally errneous + krb5_use_enctype() call from key_encrypt_keys(). + * srv_key.c (key_decrypt_keys): Keys are encrypted in the key of the master key encryption type, not in the keytype of the key!!! Removed erroneous krb5_use_enctype() call. diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c index 3cf8af9c7..25e709833 100644 --- a/src/kadmin/v5server/srv_key.c +++ b/src/kadmin/v5server/srv_key.c @@ -641,6 +641,7 @@ key_string2key_keysalt(ksent, ptr) krb5_data salt; krb5_keyblock key; krb5_key_data *okeyp; + krb5_enctype old_enctype; argp = (struct keysalt_iterate_args *) ptr; kret = 0; @@ -648,6 +649,17 @@ key_string2key_keysalt(ksent, ptr) * Determine if this key/salt pair is salted. */ salted = 0; + /* + * XXXXX this is totally, totally wrong. We should never be using + * krb5_use_enctype on master_encblock. In particular, it won't + * work once we start having non-DES encryption systems. + * + * For now, we're going to do ths ugly kludge where we save the + * master_encblock's old encryption system, and restore it at the + * end of this routine. This is wrong, and it *will* break in the + * future. We need to fix this before we let this code go out.... + */ + old_enctype = master_encblock.crypto_entry->proto_enctype; krb5_use_enctype(argp->context, &master_encblock, ksent->ks_enctype); if (!krb5_dbe_find_enctype(argp->context, argp->dbentry, @@ -749,6 +761,7 @@ key_string2key_keysalt(ksent, ptr) okeyp->key_data_contents[1] = (krb5_octet *) salt.data; } done: + krb5_use_enctype(argp->context, &master_encblock, old_enctype); return(kret); } @@ -831,10 +844,22 @@ key_randomkey_keysalt(ksent, ptr) krb5_error_code kret; krb5_keyblock *key; krb5_key_data *okeyp; + krb5_enctype old_enctype; argp = (struct keysalt_iterate_args *) ptr; kret = 0; + /* + * XXXXX this is totally, totally wrong. We should never be using + * krb5_use_enctype on master_encblock. In particular, it won't + * work once we start having non-DES encryption systems. + * + * For now, we're going to do ths ugly kludge where we save the + * master_encblock's old encryption system, and restore it at the + * end of this routine. This is wrong, and it *will* break in the + * future. We need to fix this before we let this code go out.... + */ + old_enctype = master_encblock.crypto_entry->proto_enctype; krb5_use_enctype(argp->context, &master_encblock, ksent->ks_enctype); if (krb5_dbe_find_enctype(argp->context, argp->dbentry, @@ -879,6 +904,10 @@ key_randomkey_keysalt(ksent, ptr) krb5_xfree(key); } } + /* + * XXXX This is a kludge!!! See above. + */ + krb5_use_enctype(argp->context, &master_encblock, old_enctype); return(kret); } @@ -960,9 +989,6 @@ key_encrypt_keys(kcontext, dbentp, nkeysp, inkeys, outkeysp) ndone = 0; nkeys = *nkeysp; for (i=0; i