From 568aaed7060a91ec6c1338312265327da89217ee Mon Sep 17 00:00:00 2001
From: John Kohl
Date: Wed, 10 Oct 1990 16:51:17 +0000
Subject: [PATCH] changes for new encryption structure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1224 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/mk_priv.c | 26 +++++++++++++++++---------
 src/lib/krb5/krb/mk_rep.c | 23 ++++++++++++++++-------
 src/lib/krb5/krb/rd_priv.c | 15 ++++++++-------
 src/lib/krb5/krb/rd_rep.c | 10 +++++++---
 src/lib/krb5/krb/rd_req_dec.c | 13 ++++++++-----
 5 files changed, 56 insertions(+), 31 deletions(-)
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 1ad7af1aa..3a182cf8b 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -62,7 +62,8 @@ OLDDECLARG(krb5_data *, outbuf)
 if (!valid_etype(etype)) return KRB5_PROG_ETYPE_NOSUPP;
- privmsg.etype = etype;
+ privmsg.enc_part.etype = etype;
+ privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
 privmsg_enc_part.user_data = *userdata;
 privmsg_enc_part.s_address = sender_addr->address;
@@ -89,22 +90,28 @@ OLDDECLARG(krb5_data *, outbuf)
 /* put together an eblock for this encryption */
 eblock.crypto_entry = krb5_csarray[etype]->system;
- privmsg.enc_part.length = krb5_encrypt_size(scratch->length,
+ privmsg.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
 eblock.crypto_entry);
 /* add padding area, and zero it */
- if (!(scratch->data = realloc(scratch->data, privmsg.enc_part.length))) {
+ if (!(scratch->data = realloc(scratch->data,
+ privmsg.enc_part.ciphertext.length))) {
 /* may destroy scratch->data */
 xfree(scratch);
 return ENOMEM;
 }
 bzero(scratch->data + scratch->length,
- privmsg.enc_part.length - scratch->length);
- if (!(privmsg.enc_part.data = malloc(privmsg.enc_part.length))) {
+ privmsg.enc_part.ciphertext.length - scratch->length);
+ if (!(privmsg.enc_part.ciphertext.data =
+ malloc(privmsg.enc_part.ciphertext.length))) {
 retval = ENOMEM;
 goto clean_scratch;
 }
-#define cleanup_encpart() {(void) bzero(privmsg.enc_part.data, privmsg.enc_part.length); free(privmsg.enc_part.data); privmsg.enc_part.length = 0; privmsg.enc_part.data = 0;}
+#define cleanup_encpart() {\
+(void) bzero(privmsg.enc_part.ciphertext.data, \
+ privmsg.enc_part.ciphertext.length); \
+free(privmsg.enc_part.ciphertext.data); \
+privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;}
 /* do any necessary key pre-processing */
 if (retval = krb5_process_key(&eblock, key)) {
@@ -115,7 +122,7 @@ OLDDECLARG(krb5_data *, outbuf)
 /* call the encryption routine */
 if (retval = krb5_encrypt((krb5_pointer) scratch->data,
- (krb5_pointer) privmsg.enc_part.data,
+ (krb5_pointer) privmsg.enc_part.ciphertext.data,
 scratch->length, &eblock, i_vector)) {
 goto clean_prockey;
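Review bot: In the `@@ -89,22 +90,28 @@` hunk of mk_priv.c, `scratch->data = realloc(scratch->data, ...)` overwrites the only pointer to the encoded plaintext, so when realloc fails the old buffer is neither freed nor cleared. The `/* may destroy scratch->data */` comment does not match realloc's behaviour, since a failed realloc leaves the original block allocated. Assign the result to a temporary first, e.g. `tmp = realloc(scratch->data, privmsg.enc_part.ciphertext.length); if (!tmp) { retval = ENOMEM; goto clean_scratch; }` followed by `scratch->data = tmp;`, assuming the `clean_scratch` path (outside this hunk) clears and frees the buffer. The same pattern appears in the `@@ -67,22 +67,31 @@` hunk of mk_rep.c; both enclosing functions start and end outside their hunks.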
@@ -123,8 +130,9 @@ OLDDECLARG(krb5_data *, outbuf)
 /* put last block into the i_vector */
 if (i_vector)
- bcopy(privmsg.enc_part.data +
- (privmsg.enc_part.length - eblock.crypto_entry->block_length),
+ bcopy(privmsg.enc_part.ciphertext.data +
+ (privmsg.enc_part.ciphertext.length -
+ eblock.crypto_entry->block_length),
 i_vector, eblock.crypto_entry->block_length);
diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c
index fe8d4fdf2..7df97389a 100644
--- a/src/lib/krb5/krb/mk_rep.c
+++ b/src/lib/krb5/krb/mk_rep.c
@@ -67,22 +67,31 @@ krb5_data *outbuf;
 /* put together an eblock for this encryption */
 eblock.crypto_entry = krb5_csarray[etype]->system;
- reply.enc_part.length = krb5_encrypt_size(scratch->length,
- eblock.crypto_entry);
+ reply.enc_part.etype = etype;
+ reply.enc_part.kvno = 0; /* XXX user set? */
+
+ reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
+ eblock.crypto_entry);
 /* add padding area, and zero it */
- if (!(scratch->data = realloc(scratch->data, reply.enc_part.length))) {
+ if (!(scratch->data = realloc(scratch->data,
+ reply.enc_part.ciphertext.length))) {
 /* may destroy scratch->data */
 xfree(scratch);
 return ENOMEM;
 }
 bzero(scratch->data + scratch->length,
- reply.enc_part.length - scratch->length);
- if (!(reply.enc_part.data = malloc(reply.enc_part.length))) {
+ reply.enc_part.ciphertext.length - scratch->length);
+ if (!(reply.enc_part.ciphertext.data =
+ malloc(reply.enc_part.ciphertext.length))) {
 retval = ENOMEM;
 goto clean_scratch;
 }
-#define cleanup_encpart() {(void) bzero(reply.enc_part.data, reply.enc_part.length); free(reply.enc_part.data); reply.enc_part.length = 0; reply.enc_part.data = 0;}
+#define cleanup_encpart() {\
+(void) bzero(reply.enc_part.ciphertext.data, \
+ reply.enc_part.ciphertext.length); \
+free(reply.enc_part.ciphertext.data); \
+reply.enc_part.ciphertext.length = 0; reply.enc_part.ciphertext.data = 0;}
 /* do any necessary key pre-processing */
 if (retval = krb5_process_key(&eblock, kblock)) {
@@ -93,7 +102,7 @@ krb5_data *outbuf;
 /* call the encryption routine */
 if (retval = krb5_encrypt((krb5_pointer) scratch->data,
- (krb5_pointer) reply.enc_part.data,
+ (krb5_pointer) reply.enc_part.ciphertext.data,
 scratch->length, &eblock, 0)) {
 goto clean_prockey;
 }
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 45bd4f500..10cb7ab61 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
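Review bot: The rewritten `cleanup_encpart()` macro in the `@@ -67,22 +67,31 @@` hunk of mk_rep.c (and the identical one in mk_priv.c) still expands to a bare `{ ... }` block, so a call written as `cleanup_encpart();` directly before an `else` would not compile. Its continuation lines also start at column 0, which hides that they belong to the macro. Now that the body spans several lines, wrap it as `#define cleanup_encpart() do { ... } while (0)` and indent the continuation lines. The macro's call sites are outside the hunk.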
@@ -75,16 +75,16 @@ OLDDECLARG(krb5_data *, outbuf)
 return retval;
 }
-#define cleanup_privmsg() {(void)xfree(privmsg->enc_part.data); (void)xfree(privmsg);}
- if (!valid_etype(privmsg->etype)) {
+#define cleanup_privmsg() {(void)xfree(privmsg->enc_part.ciphertext.data); (void)xfree(privmsg);}
+ if (!valid_etype(privmsg->enc_part.etype)) {
 cleanup_privmsg();
 return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
 }
 /* put together an eblock for this decryption */
- eblock.crypto_entry = krb5_csarray[privmsg->etype]->system;
- scratch.length = privmsg->enc_part.length;
+ eblock.crypto_entry = krb5_csarray[privmsg->enc_part.etype]->system;
+ scratch.length = privmsg->enc_part.ciphertext.length;
 if (!(scratch.data = malloc(scratch.length))) {
 cleanup_privmsg();
@@ -103,7 +103,7 @@ OLDDECLARG(krb5_data *, outbuf)
 #define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
 /* call the decryption routine */
- if (retval = krb5_decrypt((krb5_pointer) privmsg->enc_part.data,
+ if (retval = krb5_decrypt((krb5_pointer) privmsg->enc_part.ciphertext.data,
 (krb5_pointer) scratch.data, scratch.length, &eblock, i_vector)) {
@@ -117,8 +117,9 @@ OLDDECLARG(krb5_data *, outbuf)
 input */
 /* put last block into the i_vector */
 if (i_vector)
- bcopy(privmsg->enc_part.data +
- (privmsg->enc_part.length - eblock.crypto_entry->block_length),
+ bcopy(privmsg->enc_part.ciphertext.data +
+ (privmsg->enc_part.ciphertext.length -
+ eblock.crypto_entry->block_length),
 i_vector, eblock.crypto_entry->block_length);
diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c
index db8791cb6..fffe26ff8 100644
--- a/src/lib/krb5/krb/rd_rep.c
+++ b/src/lib/krb5/krb/rd_rep.c
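Review bot: `privmsg->enc_part.ciphertext.length` is taken from the decoded message and is used unchecked in rd_priv.c. In the `@@ -117,8 +117,9 @@` hunk the offset `ciphertext.length - eblock.crypto_entry->block_length` goes negative (or wraps) when the received ciphertext is shorter than one cipher block, so the `bcopy` into `i_vector` would read outside the ciphertext buffer. Unless `krb5_decrypt` is known to reject such lengths (not visible here), add a guard in the `@@ -75,16 +75,16 @@` hunk right after `eblock.crypto_entry` is set: `if (privmsg->enc_part.ciphertext.length < eblock.crypto_entry->block_length)`, followed by `cleanup_privmsg();` and an error return. The function body begins and ends outside these hunks.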
@@ -56,9 +56,13 @@ krb5_ap_rep_enc_part *repl;
 /* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_keytype_array[kblock->keytype]->system;
+ if (!valid_etype(reply->enc_part.etype)) {
+ krb5_free_ap_rep(reply);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ eblock.crypto_entry = krb5_csarray[reply->enc_part.etype]->system;
- scratch.length = reply->enc_part.length;
+ scratch.length = reply->enc_part.ciphertext.length;
 if (!(scratch.data = malloc(scratch.length))) {
 krb5_free_ap_rep(reply);
 return(ENOMEM);
@@ -73,7 +77,7 @@ krb5_ap_rep_enc_part *repl;
 }
 /* call the encryption routine */
- if (retval = krb5_decrypt((krb5_pointer) reply->enc_part.data,
+ if (retval = krb5_decrypt((krb5_pointer) reply->enc_part.ciphertext.data,
 (krb5_pointer) scratch.data, scratch.length, &eblock, 0)) {
 (void) krb5_finish_key(&eblock);
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index 9be554eef..f63cfa5fe 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -84,7 +84,7 @@ krb5_tkt_authent *tktauthent;
 /* fetch a server key */
 if (keyproc) {
 retval = (*keyproc)(keyprocarg, req->ticket->server,
- req->ticket->skvno, &tkt_key);
+ req->ticket->enc_part.kvno, &tkt_key);
 } else {
 krb5_keytab keytabid;
 krb5_keytab_entry ktentry;
@@ -98,7 +98,7 @@ krb5_tkt_authent *tktauthent;
 }
 if (!retval) {
 retval = krb5_kt_get_entry(keytabid, req->ticket->server,
- req->ticket->skvno, &ktentry);
+ req->ticket->enc_part.kvno, &ktentry);
 (void) krb5_kt_close(keytabid);
 if (!retval) {
 retval = krb5_copy_keyblock(&ktentry.key, &tkt_key_real);
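Review bot: The cryptosystem in the `@@ -56,9 +56,13 @@` hunk of rd_rep.c is now selected from `reply->enc_part.etype`, a field supplied by the peer, and nothing in the hunk ties it to the type of `kblock`, which the removed line used (`krb5_keytype_array[kblock->keytype]->system`). If the later `krb5_process_key` call (outside the hunk) does not reject a mismatch, the sender decides which algorithm the session key is run through. Consider rejecting the reply when `krb5_csarray[reply->enc_part.etype]->system != krb5_keytype_array[kblock->keytype]->system`, freeing `reply` as the `valid_etype` branch does. The same applies to `request->authenticator.etype` versus `sesskey->keytype` in the `@@ -189,9 +189,12 @@` hunk of rd_req_dec.c.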
@@ -189,9 +189,12 @@ krb5_authenticator **authpp;
 /* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_keytype_array[sesskey->keytype]->system;
+ if (!valid_etype(request->authenticator.etype))
+ return KRB5_PROG_ETYPE_NOSUPP;
- scratch.length = request->authenticator.length;
+ eblock.crypto_entry = krb5_csarray[request->authenticator.etype]->system;
+
+ scratch.length = request->authenticator.ciphertext.length;
 if (!(scratch.data = malloc(scratch.length))) return(ENOMEM);
@@ -202,7 +205,7 @@ krb5_authenticator **authpp;
 }
 /* call the encryption routine */
- if (retval = krb5_decrypt((krb5_pointer) request->authenticator.data,
+ if (retval = krb5_decrypt((krb5_pointer) request->authenticator.ciphertext.data,
 (krb5_pointer) scratch.data, scratch.length, &eblock, 0)) {
 (void) krb5_finish_key(&eblock);
--
2.26.2