From 88b493e4b97e118c13eef58209ddf3cd058ca5e0 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Sat, 18 Nov 1995 03:39:15 +0000 Subject: [PATCH] get_in_tkt.c (decrypt_as_reply): preauth.c (process_pw_salt): When fetching the key to decrypting the encrypted kdc reply, use the etype associated with the etype reply, not the etype associated with the included ticket. encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep; set the eblock type from the client_key's enctype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7117 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 11 +++++++++++ src/lib/krb5/krb/encode_kdc.c | 17 +++++++++-------- src/lib/krb5/krb/get_in_tkt.c | 2 +- src/lib/krb5/krb/preauth.c | 2 +- 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 7c307bf10..a85215426 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,14 @@ +Fri Nov 17 22:35:52 1995 Theodore Y. Ts'o + + * get_in_tkt.c (decrypt_as_reply): + * preauth.c (process_pw_salt): When fetching the key to decrypting + the encrypted kdc reply, use the etype associated with the + etype reply, not the etype associated with the included + ticket. + + * encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep; + set the eblock type from the client_key's enctype. + Thu Nov 16 20:29:17 1995 Ezra Peisach * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_default_type diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 502a87ecb..bb9311f6a 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c 
@@ -41,11 +41,10 @@ /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG stuff... */ krb5_error_code -krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep) +krb5_encode_kdc_rep(context, type, encpart, client_key, dec_rep, enc_rep) krb5_context context; const krb5_msgtype type; const krb5_enc_kdc_rep_part * encpart; - krb5_encrypt_block * eblock; const krb5_keyblock * client_key; krb5_kdc_rep * dec_rep; krb5_data ** enc_rep; @@ -53,6 +52,7 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep krb5_data *scratch; krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; + krb5_encrypt_block eblock; if (!valid_enctype(dec_rep->enc_part.enctype)) return KRB5_PROG_ETYPE_NOSUPP; @@ -89,8 +89,9 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(context, scratch); } + krb5_use_enctype(context, &eblock, client_key->enctype); dec_rep->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, eblock->crypto_entry); + krb5_encrypt_size(scratch->length, eblock.crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.ciphertext.length))) { 
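Review bot: Dropping `eblock` from the old-style (K&R) definition of `krb5_encode_kdc_rep` shifts every argument after `encpart`, yet the diffstat lists only four files under src/lib/krb5/krb, so no prototype header and no caller outside this directory is updated here. An old-style definition carries no prototype of its own, so only a declaration in a header (not part of this patch) would let the compiler catch a stale seven-argument call. Without one, such a call would compile and pass the old `eblock` pointer where `client_key` is now expected. If the prototype and callers are updated in a companion commit, the log should say so; otherwise they belong in this change. A short comment above the function would also help, for example `/* The encryption block is set up internally from client_key->enctype; callers no longer supply one. */`.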
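Review bot: `krb5_use_enctype(context, &eblock, client_key->enctype)` selects the cryptosystem from `client_key->enctype`, but the only validity check visible in this function, `if (!valid_enctype(dec_rep->enc_part.enctype))` in the preceding hunk, tests a different field. The two values can differ, and the next hunk overwrites `dec_rep->enc_part.enctype` from the eblock anyway, so the guard no longer covers the value that is actually used. I would validate the key's type alongside the existing check, before anything is allocated: `if (!valid_enctype(client_key->enctype)) return KRB5_PROG_ETYPE_NOSUPP;`. Whether `krb5_use_enctype` tolerates an unsupported value is not visible here, and the function body starts and ends outside this hunk.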
@@ -113,26 +114,26 @@ free(dec_rep->enc_part.ciphertext.data); \ dec_rep->enc_part.ciphertext.length = 0; \ dec_rep->enc_part.ciphertext.data = 0;} - retval = krb5_process_key(context, eblock, client_key); + retval = krb5_process_key(context, &eblock, client_key); if (retval) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(context, eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(context, &eblock);} retval = krb5_encrypt(context, (krb5_pointer) scratch->data, (krb5_pointer) dec_rep->enc_part.ciphertext.data, - scratch->length, eblock, 0); + scratch->length, &eblock, 0); if (retval) { goto clean_prockey; } - dec_rep->enc_part.enctype = krb5_eblock_enctype(context, eblock); + dec_rep->enc_part.enctype = krb5_eblock_enctype(context, &eblock); /* do some cleanup */ cleanup_scratch(); - retval = krb5_finish_key(context, eblock); + retval = krb5_finish_key(context, &eblock); if (retval) { cleanup_encpart(); return retval; diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 58bc1225a..52b4dd813 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -197,7 +197,7 @@ decrypt_as_reply(context, request, as_reply, key_proc, keyseed, key, if ((retval = krb5_principal2salt(context, request->client, &salt))) return(retval); - retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype, + retval = (*key_proc)(context, as_reply->enc_part.enctype, &salt, keyseed, &decrypt_key); krb5_xfree(salt.data); if (retval) diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c index 4bfe9705a..86aa899b5 100644 --- a/src/lib/krb5/krb/preauth.c +++ b/src/lib/krb5/krb/preauth.c 
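Review bot: The enctype passed to `key_proc` in `decrypt_as_reply` now comes from `as_reply->enc_part.enctype`, a field of the KDC reply that has not been authenticated at this point, and no check on it is visible in the hunk. Before deriving a key from it, the client should confirm that the value is supported and is one of the etypes it offered in `request`, so that a modified or spoofed reply cannot steer key derivation to an enctype the client did not ask for. That would be something like `if (!valid_enctype(as_reply->enc_part.enctype)) return KRB5_PROG_ETYPE_NOSUPP;` plus a membership test against the request's etype list. The same applies to the identical change in `process_pw_salt` in preauth.c. Both function bodies extend outside their hunks, so such a check may already exist elsewhere in the function or in a caller.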
@@ -305,7 +305,7 @@ process_pw_salt(context, padata, request, as_reply, salt.data = (char *) padata->contents; salt.length = padata->length; - if ((retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype, + if ((retval = (*key_proc)(context, as_reply->enc_part.enctype, &salt, keyseed, decrypt_key))) { *decrypt_key = 0; return retval; -- 2.26.2