From 26b8d31d5b0f2445be9c778219c66d747e6a45ce Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Thu, 5 Jun 2003 20:14:11 +0000 Subject: [PATCH] If krb5_c_string_to_key is called with an afs3 salt length for a non-DES enctype, return KRB5_CRYPTO_INTERNAL. Ticket: 1521 Status: open Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15576 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/ChangeLog | 5 +++++ src/lib/crypto/string_to_key.c | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index d963e5fdb..e15663a07 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,8 @@ +2003-06-05 Sam Hartman + + * string_to_key.c (krb5_c_string_to_key_with_params): Only allow + AFS s2k for DES enctypes + 2003-05-15 Sam Hartman * combine_keys.c (enctype_ok): new function to determine if we support combine_keys for a particular enctype diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c index 3bd7a4e73..412583185 100644 --- a/src/lib/crypto/string_to_key.c +++ b/src/lib/crypto/string_to_key.c @@ -71,7 +71,21 @@ krb5_c_string_to_key_with_params(context, enctype, string, salt, params, key) return(KRB5_BAD_ENCTYPE); enc = krb5_enctypes_list[i].enc; +/* xxx AFS string2key function is indicated by a special length in + * the salt in much of the code. However only the DES enctypes can + * deal with this. Using s2kparams would be a much better solution.*/ + if (salt && salt->length == SALT_TYPE_AFS_LENGTH) { + switch (enctype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_MD5: + break; + default: + return (KRB5_CRYPTO_INTERNAL); + } + } + (*(enc->keysize))(&keybytes, &keylength); if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL) -- 2.26.2
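Review bot: The `xxx` comment above the new salt check in string_to_key.c does not state the invariant the check enforces, and it sits at column 0 rather than at the indentation of the code it describes; I would reword it along the lines of `/* SALT_TYPE_AFS_LENGTH marks the AFS s2k variant and is not a real salt length; only the DES s2k code interprets it, so every other enctype must be refused here. */`. Presumably a non-DES s2k routine would otherwise treat the marker as a byte count for the salt buffer, which is worth saying outright if it is the case. KRB5_CRYPTO_INTERNAL reads as a library fault although the cause is a caller-supplied salt/enctype mismatch, so a short comment on the `default:` arm explaining the choice of code would help whoever triages that error. The commit subject names krb5_c_string_to_key while the check is added to krb5_c_string_to_key_with_params; whether the former delegates to the latter is not visible here and should be confirmed so that no entry point bypasses the check. The function body starts and ends outside the hunk.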