From 93c6396e991b4e4acffbb35b1f13ec00f93d52d6 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Mon, 5 Feb 1990 15:33:32 +0000 Subject: [PATCH] need to put length of key into encrypted stuff git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@284 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kdb/encrypt_key.c | 49 ++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index 59a290938..435a60ee2 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -17,6 +17,7 @@ static char rcsid_encrypt_key_c [] = #include #include +#include #include #include @@ -26,17 +27,33 @@ krb5_keyblock *in; krb5_keyblock *out; krb5_encrypt_block *eblock; { + /* encrypted rep has a length encrypted along with the key, + so that we win if the keysize != blocksize. + However, this means an extra block (at least) if + keysize == blocksize. */ + + krb5_error_code retval; + *out = *in; out->length = krb5_encrypt_size(in->length, eblock->crypto_entry); + out->length += sizeof(out->length); out->contents = (krb5_octet *)malloc(out->length); if (!out->contents) { out->contents = 0; out->length = 0; return ENOMEM; } - return (*eblock->crypto_entry->encrypt_func)((krb5_pointer) in->contents, - (krb5_pointer) out->contents, - in->length, eblock); + bcopy(&out->length, out->contents, sizeof(out->length)); + if (retval = (*eblock->crypto_entry-> + encrypt_func)((krb5_pointer) in->contents, + ((krb5_pointer) out->contents) + + sizeof(out->length), + in->length, eblock)) { + free((char *)out->contents); + out->contents = 0; + out->length = 0; + } + return retval; } krb5_error_code @@ -45,6 +62,8 @@ krb5_keyblock *in; krb5_keyblock *out; krb5_encrypt_block *eblock; { + krb5_error_code retval; + *out = *in; out->length = krb5_encrypt_size(in->length, eblock->crypto_entry); out->contents = (krb5_octet *)malloc(out->length); 
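Review bot: In the second hunk (`@@ -26,17 +27,33 @@`), `bcopy(&out->length, out->contents, sizeof(out->length));` stores the padded output size rather than the key length, and it stores it in front of the ciphertext without passing it through `encrypt_func`. That does not match the added comment ("a length encrypted along with the key"), and it still leaves the decrypt side unable to learn the real key size when keysize != blocksize. At minimum the prefix should carry the key length, `bcopy(&in->length, out->contents, sizeof(in->length));`, and the comment should say whether the prefix is meant to be encrypted. The value is also written in host byte order, so stored keys would only be readable on a matching architecture. The function's opening lines are outside the hunk.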
@@ -53,7 +72,25 @@ krb5_encrypt_block *eblock;
 out->length = 0;
 return ENOMEM;
 }
- return (*eblock->crypto_entry->decrypt_func)((krb5_pointer) in->contents,
- (krb5_pointer) out->contents,
- in->length, eblock);
+ if (retval = (*eblock->crypto_entry->
+ decrypt_func)((krb5_pointer) in->contents,
+ (krb5_pointer) out->contents,
+ in->length, eblock)) {
+ free((char *)out->contents);
+ out->contents = 0;
+ out->length = 0;
+ return retval;
+ }
+ out->length -= sizeof(out->length);
+ if (out->length < 0) {
+ free((char *)out->contents);
+ out->contents = 0;
+ out->length = 0;
+ return KRB5_KDB_INVALIDKEYSIZE;
+ }
+ /* shift key down to beginning of contents, and ignore extra wasted
+ space */
+ bcopy(out->contents, ((krb5_pointer) out->contents ) + sizeof(out->length),
+ out->length);
+ return retval;
 }
-- 
2.26.2
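Review bot: The final `bcopy` has its source and destination reversed for what the comment describes: `bcopy(src, dst, n)` as written moves the buffer up by `sizeof(out->length)` instead of shifting the key down. It should read `bcopy(((krb5_pointer) out->contents) + sizeof(out->length), out->contents, out->length);`. The decrypt call also starts at `in->contents` with the full `in->length`, while the encrypt hunk placed the ciphertext after an unencrypted prefix, so the two sides do not agree on layout. The stored length is never read back either, so `out->length` ends up as the padded size minus the prefix rather than the key size. On the `KRB5_KDB_INVALIDKEYSIZE` path the buffer already holds decrypted key bytes and is freed without being cleared; adding `memset(out->contents, 0, out->length + sizeof(out->length));` before the `free` would avoid leaving them on the heap. The `out->length < 0` test only fires if the length field is signed, which is not visible here, and the function's opening lines are outside the hunk.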