From 2c55e86593458e5e06320e74ee776bde17c100bb Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Fri, 19 Oct 2001 15:54:08 +0000 Subject: [PATCH] * arcfour.c (krb5_arcfour_decrypt): Return error if salt cannot be allocated (krb5_arcfour_encrypt): Only memset bits of key to known value on export-grade crypto * arcfour.c (arcfour_translate_usage): Attempt to implement based on draft-brezak-win2k-krb-rc4-hmac-03. Several usages remain unclear. Make 40-bit string not unsigned to avoid warning (krb5_arcfour_encrypt krb5_arcfour_decrypt): cast to avoid pointer warnings git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13824 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/arcfour/ChangeLog | 12 ++++++++ src/lib/crypto/arcfour/arcfour.c | 48 ++++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 9 deletions(-) create mode 100644 src/lib/crypto/arcfour/ChangeLog diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog new file mode 100644 index 000000000..c9b641a8c --- /dev/null +++ b/src/lib/crypto/arcfour/ChangeLog @@ -0,0 +1,12 @@ +2001-10-19 Sam Hartman + + * arcfour.c (krb5_arcfour_decrypt): Return error if salt cannot be allocated + (krb5_arcfour_encrypt): Only memset bits of key to known value on export-grade crypto + +2001-10-18 Sam Hartman + + * arcfour.c (arcfour_translate_usage): Attempt to implement based + on draft-brezak-win2k-krb-rc4-hmac-03. Several usages remain unclear. + Make 40-bit string not unsigned to avoid warning + (krb5_arcfour_encrypt krb5_arcfour_decrypt): cast to avoid pointer warnings + diff --git a/src/lib/crypto/arcfour/arcfour.c b/src/lib/crypto/arcfour/arcfour.c index d96a6518d..b26a3f330 100644 --- a/src/lib/crypto/arcfour/arcfour.c +++ b/src/lib/crypto/arcfour/arcfour.c @@ -8,7 +8,7 @@ of RSA Data Security) */ #include "k5-int.h" #include "arcfour-int.h" -const unsigned char *l40 = "fortybits"; +const char *l40 = "fortybits"; void krb5_arcfour_encrypt_length(enc, hash, inputlen, length) 
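Review bot: In the `@@ -8,7 +8,7 @@` hunk of arcfour.c, `l40` is still a writable pointer with external linkage: only the bytes it points at are const, so any translation unit can repoint it, and the short unprefixed name sits in the library's global namespace. If nothing outside arcfour.c refers to it (not visible in this diff), `static const char l40[] = "fortybits";` would keep the export-grade salt string read-only and file-local. The array form changes what `sizeof l40` yields, so any length used with it elsewhere in the file should be checked when making that change.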
@@ -29,7 +29,35 @@ krb5_arcfour_encrypt_length(enc, hash, inputlen, length) static krb5_keyusage arcfour_translate_usage(krb5_keyusage usage) { - return usage; + switch (usage) { + case 1: /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */ + /*Microsoft does not actually support this padata, not sure which usage they would use*/ + return 1; + case 2: /* ticket from kdc */ + return 2; + case 3: /* as-rep encrypted part */ + return 8; + case 4: /* tgs-req authz data */ + return 4; /* xxx Microsoft doesn't say */ + case 5: /* tgs-req authz data in subkey */ + return 5; /* xxx Microsoft doesn't say */ + case 6: /* tgs-req authenticator cksum */ + return 6; /* xxx Microsoft doesn't say*/ +case 7: /* tgs-req authenticator */ + return 7; + case 8: + return 8; + case 9: /* tgs-rep encrypted with subkey */ + return 8; + case 10: /* ap-rep authentication cksum */ + return 10; /* xxx Microsoft didn't say */ + case 11: /* app-req authenticator */ + return 11; + case 12: /* app-rep encrypted part */ + return 12; + default: + return usage; +} } krb5_error_code @@ -58,7 +86,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output) return (ENOMEM); memcpy(&k1, key, sizeof (krb5_keyblock)); k1.length=d1.length; - k1.contents=d1.data; + k1.contents= (void *) d1.data; d2.length=keybytes; d2.data=malloc(d2.length); @@ -68,7 +96,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output) } memcpy(&k2, key, sizeof (krb5_keyblock)); k2.length=d2.length; - k2.contents=d2.data; + k2.contents=(void *) d2.data; d3.length=keybytes; d3.data=malloc(d3.length); @@ -79,7 +107,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output) } memcpy(&k3, key, sizeof (krb5_keyblock)); k3.length=d3.length; - k3.contents=d3.data; + k3.contents= (void *) d3.data; salt.length=14; salt.data=malloc(salt.length); 
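Review bot: In `arcfour_translate_usage` (hunk `@@ -29,7 +29,35 @@`, whole function visible), usages 3, 8 and 9 all return 8, so three message types end up with the same derived key, and nothing in the code says that this loss of key-usage separation is deliberate. A comment on those cases should tie the mapping to the draft named in the ChangeLog, e.g. `/* 3, 8 and 9 all map to 8 per draft-brezak-win2k-krb-rc4-hmac-03; intentional, needed for interop */`. `case 8` has no comment at all, and the comment on `case 10` says "ap-rep" where the neighbouring cases suggest the AP-REQ authenticator checksum is meant. Replacing the bare numbers with the `KRB5_KEYUSAGE_*` names from krb5.h, as in `case KRB5_KEYUSAGE_AS_REP_ENCPART: return KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;`, would make the table checkable against the draft. The cases marked `xxx` are identity guesses and deserve a tracked follow-up rather than an inline marker only.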
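Review bot: The `(void *)` casts added to `k1.contents`, `k2.contents` and `k3.contents` in hunks `@@ -58,7 +86,7 @@`, `@@ -68,7 +96,7 @@` and `@@ -79,7 +107,7 @@` (and the matching three in `krb5_arcfour_decrypt`) silence the warning by switching off type checking for the assignment altogether. Casting to the field's own type, `k1.contents = (krb5_octet *) d1.data;`, documents that only signedness differs and still lets the compiler complain if either side changes type later. The spacing also varies between `= (void *)` and `=(void *)`. Both functions start and end outside these hunks.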
@@ -129,7 +157,7 @@ krb5_arcfour_encrypt(enc, hash, key, usage, ivec, input, output) memcpy(k2.contents, k1.contents, k2.length); - if (key->enctype==ENCTYPE_ARCFOUR_HMAC) + if (key->enctype==ENCTYPE_ARCFOUR_HMAC_EXP) memset(k1.contents+7, 0xab, 9); ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder); @@ -185,7 +213,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output) return (ENOMEM); memcpy(&k1, key, sizeof (krb5_keyblock)); k1.length=d1.length; - k1.contents=d1.data; + k1.contents= (void *) d1.data; d2.length=keybytes; d2.data=malloc(d2.length); @@ -195,7 +223,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output) } memcpy(&k2, key, sizeof(krb5_keyblock)); k2.length=d2.length; - k2.contents=d2.data; + k2.contents= (void *) d2.data; d3.length=keybytes; d3.data=malloc(d3.length); @@ -206,7 +234,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output) } memcpy(&k3, key, sizeof(krb5_keyblock)); k3.length=d3.length; - k3.contents=d3.data; + k3.contents= (void *) d3.data; salt.length=14; salt.data=malloc(salt.length); @@ -214,6 +242,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output) free(d1.data); free(d2.data); free(d3.data); + return (ENOMEM); } ciphertext.length=input->length-hashsize; @@ -225,6 +254,7 @@ krb5_arcfour_decrypt(enc, hash, key, usage, ivec, input, output) free(d2.data); free(d3.data); free(salt.data); + return (ENOMEM); } checksum.length=hashsize; -- 2.26.2
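Review bot: The export-grade branch in hunk `@@ -129,7 +157,7 @@` writes nine bytes at `k1.contents+7`, which is in bounds only when the buffer behind `k1` holds at least 16 bytes; that buffer is sized from `keybytes` outside the hunk, so the guarantee is not visible here. Either fail with an error when `k1.length < 16` before the `memset`, or state the assumption next to it, e.g. `/* export: keep 7 key bytes, overwrite the remaining 9 with 0xab; k1.length is 16 */`. `krb5_arcfour_decrypt` needs the same `ENCTYPE_ARCFOUR_HMAC_EXP` test for both directions to derive the same key, and this diff does not show that path being changed, so it should be confirmed.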
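Review bot: In hunk `@@ -214,6 +242,7 @@` the context line `ciphertext.length=input->length-hashsize;` runs right after the new `return (ENOMEM);` with no visible check that the input is at least `hashsize` bytes long; if the length fields are unsigned, as they appear to be, a truncated message makes the subtraction wrap to a very large value. Unless a check exists earlier in `krb5_arcfour_decrypt` (the function starts outside the hunk), add one before the allocations: `if (input->length < hashsize) return (KRB5_BAD_MSIZE);`. The two error paths fixed here and in `@@ -225,6 +254,7 @@` also repeat a growing list of `free()` calls, and a single cleanup label would keep a later allocation from being missed the way these returns were.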