From 3f1e5dddf9ab7aa7b02222db19013fe8cd62b245 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 10 Oct 1990 17:21:15 +0000 Subject: [PATCH] changes for new encryption data structures git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1229 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/decrypt_tk.c | 12 ++++++------ src/lib/krb5/krb/encrypt_tk.c | 34 ++++++++++++++++++++++------------ src/lib/krb5/krb/kdc_rep_dc.c | 10 +++++----- src/lib/krb5/krb/mk_req_ext.c | 23 ++++++++++++++++------- 4 files changed, 49 insertions(+), 30 deletions(-) diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c index 64fb6848c..3c5619bf4 100644 --- a/src/lib/krb5/krb/decrypt_tk.c +++ b/src/lib/krb5/krb/decrypt_tk.c @@ -23,7 +23,7 @@ static char rcsid_decrypt_tk_c[] = #include /* - Takes encrypted dec_ticket->enc_part, encrypts with dec_ticket->etype + Decrypts dec_ticket->enc_part using *srv_key, and places result in dec_ticket->enc_part2. The storage of dec_ticket->enc_part2 will be allocated before return. @@ -41,15 +41,15 @@ register krb5_ticket *ticket; krb5_data scratch; krb5_error_code retval; - if (!valid_etype(ticket->etype)) + if (!valid_etype(ticket->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* put together an eblock for this encryption */ - eblock.crypto_entry = krb5_csarray[ticket->etype]->system; + eblock.crypto_entry = krb5_csarray[ticket->enc_part.etype]->system; - scratch.length = ticket->enc_part.length; - if (!(scratch.data = malloc(ticket->enc_part.length))) + scratch.length = ticket->enc_part.ciphertext.length; + if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length))) return(ENOMEM); /* do any necessary key pre-processing */ 
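Review bot: In the `@@ -41,15 +41,15 @@` hunk of decrypt_tk.c, `ticket->enc_part.ciphertext.length` is used as the `malloc` size and as the size passed to `krb5_decrypt`, with no visible check that it is non-zero or a whole number of cipher blocks. With a zero length `malloc(0)` may return NULL, so a malformed ticket would be reported as `ENOMEM`. Unless `krb5_decrypt` validates the size itself (not visible here), add a guard before the allocation, e.g. `if (ticket->enc_part.ciphertext.length == 0) return <MALFORMED_TICKET_ERROR placeholder>;`. The `kdc_rep_dc.c` hunk `@@ -40,19 +40,19 @@` has the same pattern with `dec_rep->enc_part.ciphertext.length`. The function body starts and ends outside this hunk.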
@@ -59,7 +59,7 @@ register krb5_ticket *ticket; } /* call the encryption routine */ - if (retval = krb5_decrypt((krb5_pointer) ticket->enc_part.data, + if (retval = krb5_decrypt((krb5_pointer) ticket->enc_part.ciphertext.data, (krb5_pointer) scratch.data, scratch.length, &eblock, 0)) { (void) krb5_finish_key(&eblock); diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c index 701149aae..0bf772113 100644 --- a/src/lib/krb5/krb/encrypt_tk.c +++ b/src/lib/krb5/krb/encrypt_tk.c @@ -23,13 +23,15 @@ static char rcsid_encrypt_tk_c[] = #include /* - Takes unencrypted dec_ticket & dec_tkt_part, encrypts with dec_ticket->etype + Takes unencrypted dec_ticket & dec_tkt_part, encrypts with + dec_ticket->enc_part.etype using *srv_key, and places result in dec_ticket->enc_part. - The string dec_ticket->enc_part will be allocated before formatting. + The string dec_ticket->enc_part.ciphertext will be allocated before + formatting. returns errors from encryption routines, system errors - enc_part->data allocated & filled in with encrypted stuff + enc_part->ciphertext.data allocated & filled in with encrypted stuff */ krb5_error_code @@ -44,7 +46,7 @@ register krb5_ticket *dec_ticket; /* encrypt the encrypted part */ - if (!valid_etype(dec_ticket->etype)) + if (!valid_etype(dec_ticket->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* start by encoding the to-be-encrypted part. */ 
@@ -56,23 +58,31 @@ register krb5_ticket *dec_ticket; /* put together an eblock for this encryption */ - eblock.crypto_entry = krb5_csarray[dec_ticket->etype]->system; - dec_ticket->enc_part.length = krb5_encrypt_size(scratch->length, - eblock.crypto_entry); + eblock.crypto_entry = krb5_csarray[dec_ticket->enc_part.etype]->system; + dec_ticket->enc_part.ciphertext.length = + krb5_encrypt_size(scratch->length, + eblock.crypto_entry); /* add padding area, and zero it */ - if (!(scratch->data = realloc(scratch->data, dec_ticket->enc_part.length))) { + if (!(scratch->data = realloc(scratch->data, + dec_ticket->enc_part.ciphertext.length))) { /* may destroy scratch->data */ xfree(scratch); return ENOMEM; } bzero(scratch->data + scratch->length, - dec_ticket->enc_part.length - scratch->length); - if (!(dec_ticket->enc_part.data = malloc(dec_ticket->enc_part.length))) { + dec_ticket->enc_part.ciphertext.length - scratch->length); + if (!(dec_ticket->enc_part.ciphertext.data = + malloc(dec_ticket->enc_part.ciphertext.length))) { retval = ENOMEM; goto clean_scratch; } -#define cleanup_encpart() {(void) bzero(dec_ticket->enc_part.data, dec_ticket->enc_part.length); free(dec_ticket->enc_part.data); dec_ticket->enc_part.length = 0; dec_ticket->enc_part.data = 0;} +#define cleanup_encpart() {\ +(void) bzero(dec_ticket->enc_part.ciphertext.data, \ + dec_ticket->enc_part.ciphertext.length); \ +free(dec_ticket->enc_part.ciphertext.data); \ +dec_ticket->enc_part.ciphertext.length = 0; \ +dec_ticket->enc_part.ciphertext.data = 0;} /* do any necessary key pre-processing */ if (retval = krb5_process_key(&eblock, srv_key)) { @@ -83,7 +93,7 @@ register krb5_ticket *dec_ticket; /* call the encryption routine */ if (retval = krb5_encrypt((krb5_pointer) scratch->data, - (krb5_pointer) dec_ticket->enc_part.data, + (krb5_pointer) dec_ticket->enc_part.ciphertext.data, scratch->length, &eblock, 0)) { goto clean_prockey; } 
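Review bot: In the `@@ -56,23 +58,31 @@` hunk of encrypt_tk.c, `scratch->data = realloc(scratch->data, ...)` overwrites the only pointer to the unencrypted encoding, so on failure that buffer is leaked without being zeroed and `dec_ticket->enc_part.ciphertext.length` stays set to the padded size with no matching data. On success `realloc` may also move the block and release the old plaintext copy unscrubbed. Allocating a fresh padded buffer (a new local `padded`), copying, then zeroing and freeing the old one avoids both, and resetting `ciphertext.length` to 0 on the error path keeps the ticket consistent. The same sequence appears in the mk_req_ext.c hunk `@@ -128,23 +128,32 @@` for `request.authenticator.ciphertext`. The function's start and the `clean_scratch` label are outside this hunk, so confirm that label zeroes and frees `scratch`.

```c
    /* add padding area, and zero it */
    padded = malloc(dec_ticket->enc_part.ciphertext.length);
    if (!padded) {
	dec_ticket->enc_part.ciphertext.length = 0;
	retval = ENOMEM;
	goto clean_scratch;		/* scratch->data is still valid here */
    }
    memcpy(padded, scratch->data, scratch->length);
    bzero(padded + scratch->length,
	  dec_ticket->enc_part.ciphertext.length - scratch->length);
    bzero(scratch->data, scratch->length);	/* scrub the unpadded plaintext copy */
    free(scratch->data);
    scratch->data = padded;
    /* … unchanged: malloc of enc_part.ciphertext.data, cleanup_encpart, krb5_process_key … */
```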
diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c index a2fa5b502..273a6a247 100644 --- a/src/lib/krb5/krb/kdc_rep_dc.c +++ b/src/lib/krb5/krb/kdc_rep_dc.c @@ -40,19 +40,19 @@ OLDDECLARG(krb5_kdc_rep *, dec_rep) krb5_data scratch; krb5_enc_kdc_rep_part *local_encpart; - if (!valid_etype(dec_rep->etype)) + if (!valid_etype(dec_rep->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* set up scratch decrypt/decode area */ - scratch.length = dec_rep->enc_part.length; - if (!(scratch.data = malloc(dec_rep->enc_part.length))) { + scratch.length = dec_rep->enc_part.ciphertext.length; + if (!(scratch.data = malloc(dec_rep->enc_part.ciphertext.length))) { return(ENOMEM); } /* put together an eblock for this encryption */ - eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system; + eblock.crypto_entry = krb5_csarray[dec_rep->enc_part.etype]->system; /* do any necessary key pre-processing */ if (retval = krb5_process_key(&eblock, key)) { @@ -61,7 +61,7 @@ OLDDECLARG(krb5_kdc_rep *, dec_rep) } /* call the decryption routine */ - if (retval = krb5_decrypt((krb5_pointer) dec_rep->enc_part.data, + if (retval = krb5_decrypt((krb5_pointer) dec_rep->enc_part.ciphertext.data, (krb5_pointer) scratch.data, scratch.length, &eblock, 0)) { (void) krb5_finish_key(&eblock); diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 220f829e1..1c27a18cf 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c 
@@ -128,23 +128,32 @@ krb5_data *outbuf; /* put together an eblock for this encryption */ eblock.crypto_entry = krb5_csarray[etype]->system; - request.authenticator.length = krb5_encrypt_size(scratch->length, - eblock.crypto_entry); + request.authenticator.etype = etype; + request.authenticator.kvno = 0; /* XXX user set? */ + request.authenticator.ciphertext.length = + krb5_encrypt_size(scratch->length, eblock.crypto_entry); /* add padding area, and zero it */ - if (!(scratch->data = realloc(scratch->data, request.authenticator.length))) { + if (!(scratch->data = realloc(scratch->data, + request.authenticator.ciphertext.length))) { /* may destroy scratch->data */ xfree(scratch); retval = ENOMEM; goto clean_ticket; } bzero(scratch->data + scratch->length, - request.authenticator.length - scratch->length); - if (!(request.authenticator.data = malloc(request.authenticator.length))) { + request.authenticator.ciphertext.length - scratch->length); + if (!(request.authenticator.ciphertext.data = + malloc(request.authenticator.ciphertext.length))) { retval = ENOMEM; goto clean_scratch; } -#define cleanup_encpart() {(void) bzero(request.authenticator.data, request.authenticator.length); free(request.authenticator.data); request.authenticator.length = 0; request.authenticator.data = 0;} +#define cleanup_encpart() {\ +(void) bzero(request.authenticator.ciphertext.data, \ + request.authenticator.ciphertext.length); \ +free(request.authenticator.ciphertext.data); \ +request.authenticator.ciphertext.length = 0; \ +request.authenticator.ciphertext.data = 0;} /* do any necessary key pre-processing */ if (retval = krb5_process_key(&eblock, &creds->keyblock)) { @@ -155,7 +164,7 @@ krb5_data *outbuf; /* call the encryption routine */ if (retval = krb5_encrypt((krb5_pointer) scratch->data, - (krb5_pointer) request.authenticator.data, + (krb5_pointer) request.authenticator.ciphertext.data, scratch->length, &eblock, 0)) { goto clean_prockey; } -- 2.26.2
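Review bot: `request.authenticator.kvno = 0; /* XXX user set? */` in the `@@ -128,23 +128,32 @@` hunk leaves open what a zero key version means to whoever decodes the request. Nothing in the hunk shows whether the encoder treats 0 as "unspecified" or sends it as a real version number. Replacing the XXX with a statement of intent would settle it, for example `/* kvno 0: key comes from creds->keyblock, no key version is selected here; TODO confirm the encoder treats 0 as "unspecified" */`. The enclosing function starts and ends outside the hunk.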